Internet and Data Governance

Comments on the “Draft Omnibus Framework for Recognizing Self-Regulatory Organisations (SROs) for Regulated Entities (REs) of the Reserve Bank of India”

The Reserve Bank of India (RBI) released the Draft Omnibus Framework for recognizing Self-Regulatory Organisations for Regulated Entities of the Reserve Bank of India (Draft Framework) for public comments on December 21, 2023. The Esya Centre is pleased to be afforded an opportunity to respond to the Draft Regulations. Our response is divided into two parts. Part I provides a preliminary overview of our response and Part II delves deeper into specific aspects of the regulations, such as the need for precise definitions of regulated entity categories, clarity on the number of self-regulatory organisations per category, necessity of defined timelines for RBI decisions, and the inclusion of civil society organisations in the framework's functioning.

Attribution: Comments on the “Draft Omnibus Framework for Recognizing Self-Regulatory Organisations (SROs) for Regulated Entities (REs) of the Reserve Bank of India”. Issue No. 114, January 2024, Esya Centre.

Response to the Draft Broadcasting Services (Regulation) Bill 2023

Description: The Ministry of Information and Broadcasting (MIB) initiated public consultations for the Draft Broadcasting Services (Regulation) Bill, 2023 on November 10, 2023. The Esya Centre is pleased to be afforded an opportunity to respond to the Draft Bill. Our analysis, which examines each clause in detail, aims to unravel the complexities in the Bill. In doing so, we provide in-depth insights, particularly focused on the proposed inclusion of OTT services and news and current affairs publishers under the same regulatory framework as traditional broadcasters such as cable TV and radio. 

Attribution: Response to the Draft Broadcasting Services (Regulation) Bill 2023; Issue No. 112, January 2024, Esya Centre.

An Empirical Evaluation of the Implementation Challenges of the Digital Personal Data Protection Act, 2023

Description: This report examines the challenges to implementing India’s Digital Personal Data Protection Act, 2023 (DPDPA). Seeking to understand the operational and technical hurdles to the Act’s enforcement faced by organisations, the report delves into aspects related to the implementation of consent mechanisms, provisions for children and persons with disabilities, and the intricacies of appointing data protection officers. Specifically, it explores the internal processes required for compliance and establishes the timelines necessary for meeting the DPDPA’s obligations.

Attribution: Meghna Bal. An Empirical Evaluation of the Implementation Challenges of the Digital Personal Data Protection Act, 2023: Insights and Recommendations for the Way Forward. January 2024, Esya Centre.

Mobile Security - An Assessment of CyberSecurity Threats in the Indian Ecosystem

The mobile device ecosystem is susceptible to operating system (OS) security concerns, untrusted third-party application (app) stores, and unchecked API sharing. These vulnerabilities can be mitigated to make it more difficult for attackers to exploit mobile systems. Therefore, domestic regulatory frameworks and discourses must prioritise system security and the prevention of device vulnerabilities.

The Pitfalls of Regulating M2M Communication Services under Telecom Law

Description: This primer questions the effect of regulating machine-to-machine (M2M) communication services by using telecom law in India. It responds to the Draft Indian Telecommunication Bill 2022, on which comments have been sought by the Department of Telecommunications (DoT), which defines a ‘telecommunication service’ to include ‘machine-to-machine communication services’ – suggesting that telecom style regulation may be applied to M2M communications as well. It outlines the technology that underpins M2M services, the regulatory issues that may arise as they gain use, asks whether telecom law is suited to redressing these concerns, and concludes with recommendations.

Attribution: Mohit Chawdhry, The Pitfalls of Regulating M2M Communication Services under Telecom Law, October 2023, Esya Centre.

Unbundling the demand for a Network Usage Fee

Description: Major telecom service providers (telecom operators or telcos) in India are arguing for the introduction of a network usage fee for over-the-top (OTT) applications. They contend that there is currently a structural imbalance as OTT platforms allegedly benefit from telecom operator funded networks but do not invest in creating, operating, maintaining or expanding them. Relying on secondary research, this report evaluates the merits of their assertions. Broadly, the literature available indicates that contentions in favour of network usage fees may be incorrect.

Attribution: Noyanika Batta & Meghna Bal. Unbundling the demand for a Network Usage Fee. July 2023, Esya Centre.

Assigning Spectrum for Satellite Services in India

Description: The release of the Telecom Regulatory Authority of India’s consultation paper on “Assignment of Spectrum for Space-based Communication Services” in April 2023 triggered a debate on whether or not spectrum should be assigned across satcom services via auctions. It has also sparked concerns regarding access to sufficient satellite spectrum amongst global satellite operators such as Amazon (Project Kuiper) and OneWeb who want to enter the Indian market. The paper comes at a time when TRAI is consulting with stakeholders on spectrum assignment for space-based communication services. It presents a comprehensive analysis of technical, regulatory, and economic arguments on this issue and echoes the view of the majority of stakeholders.

Attribution: Tamanna Sharma and Niharika. Assigning Spectrum for Satellite Services in India. June 2023, Esya Centre.

Information Warfare Through Social Media Platforms

Description: This paper focuses on information warfare operations conducted by foreign adversaries through social media platforms. Specifically, it considers challenges related to social media and information warfare in the Indian context and makes suggestions on how India may mitigate such threats, in particular by leveraging and partnering with domestic social media platforms. The recommendations in the paper emanate from global best practices in responding to these threats.

Attribution: Vaishnavi Prasad and Meghna Bal. Information Warfare Through Social Media Platforms. March 2023, Esya Centre.

Response to TRAI’s Consultation Paper on Regulating Converged Digital Technologies and Services- Enabling Convergence of Carriage of Broadcasting and Telecommunication Services

The Esya Centre is pleased to respond to the TRAI's Consultation Paper on Regulating Converged Digital Technologies and Services- Enabling Convergence of Carriage of Broadcasting and Telecommunication Services. We commend TRAI for providing an open platform for stakeholders to share their feedback on this critical issue.

Our response is divided into two parts. Part I presents our brief reactions to the consultation paper, while Part II provides a comprehensive analysis of our response. Our response is structured into five sections, each addressing a specific issue raised in the consultation. In each section, we examine TRAI's observations and propose counterarguments where necessary. Our aim is to engage with TRAI’s recommendations from first principles and bring attention to areas that may benefit from greater conceptual clarity.

Attribution: Response to TRAI’s Consultation Paper on Regulating Converged Digital Technologies and Services- Enabling Convergence of Carriage of Broadcasting and Telecommunication Services. Issue No. 107, April 2023, Esya Centre.

Addressing Regulatory Fragmentation in Cross-Border Data Flows

Description: The rules governing cross-border data flows are becoming increasingly fragmented, at the domestic and international level. In April 2020, some 128 of 194 countries had data protection rules in place. While these laws manifest different approaches to cross-border data transfers, trends suggest that restrictions are growing on free data flows. This paper examines the competing approaches to cross-border data flows and identifies some challenges. It also explores India’s new approach to cross-border data flows, and the opportunity the country can seize to champion a more harmonised regulatory approach.

Attribution: Vaishnavi Prasad. Addressing Regulatory Fragmentation in Cross-Border Data Flows. February 2023, Esya Centre.

Regulation of OTT Communications Services: Justified Concern or Exaggerated Fear?

Description: Telecom service providers (TSPs) have been pushing for the regulation of over-the-top (OTT) service providers in India since 2015. Meanwhile, OTT firms maintain that their services are not comparable with telecom. The debate centres on two issues in particular: same service, same rules and infrastructure cost sharing. The merits of the TSPs’ demands and counterarguments are explored in this paper.

Part 1 of this paper outlines the demands raised by TSPs and the merits of these from a historical and legal perspective. 

Part 2 of the paper compares OTT regulation trends across some jurisdictions. The aim is to trace the changes made to telecom regulations internationally in response to emerging technologies and ask whether OTTs have been brought under the regulatory regime for TSPs. 

Finally, in Part 3 of the paper, through insights from historical and legal analysis and from a comparative standpoint, we recommend the approach the government should adopt.

Attribution: Noyanika Batta. Regulation of OTT Communications Services: Justified Concern or Exaggerated Fear? January 2023, Esya Centre.

Offshore Online Betting and Gambling in India: A Risk Assessment

Synopsis: This paper describes how offshore betting and gambling websites are violating Indian law with impunity. By operating from foreign jurisdictions, they are able to evade enforcement actions by Indian authorities. Blocking access to these websites and preventing offshore betting and gambling firms from operating in India is crucial to the welfare of Indian citizens. While mechanisms exist to effect such remedies, they are difficult to enforce for reasons we attempt to identify. We map the offshore betting and gambling ecosystem to understand its scope of operations and the nature of its harms, in order to suggest remedies in India.

Attribution: Priyesh Mishra. Offshore Online Betting and Gambling in India: A Risk Assessment. July 2022, Esya Centre.

Securing ICT Supply Chains: An Evidence Based Approach

Description: This report highlights the increasing complexity and security concerns associated with global ICT supply chains. It discusses the impact of repeated cyber-attacks on supply chain vulnerabilities and outlines national security measures adopted by governments, such as the exclusion of Chinese vendors and app bans. The report emphasizes the need for a balanced approach, citing the evidence-based executive order issued by US President Joe Biden as a model for securing ICT supply chains without hindering innovation or trade. The brief concludes with an analysis of how the Indian cybersecurity framework aligns with these principles.

Attribution: Chawdhry, Mohit. Securing ICT Supply Chains: An Evidence Based Approach. Issue No. 011, August 2021, Esya Centre.

Bridging the Transparency Gap: A Comparative Assessment of Surveillance-Related Transparency Efforts in the United States and India

Description: This report delves into the extensive government surveillance programs in the United States and India, emphasizing the need for transparency in operations involving user data. It suggests recommendations for both governments and companies to enhance accountability, aligning with international principles on human rights in communication surveillance. Specific recommendations include legal reforms, granular data publication on surveillance requests, transparency on data audit processes, and collaboration with civil society. The report encourages U.S. companies to disclose more information related to government surveillance activities in India.

Attribution: Singh, Spandana and Bal, Meghna. Bridging the Transparency Gap: A Comparative Assessment of Surveillance-Related Transparency Efforts in the United States and India. Special Report, August 2021. Esya Centre and Open Technology Institute.

The Booming World of India's Social Media Apps

Description: This report examines the evolving landscape of social media apps in India, particularly focusing on the surge of short-video apps. The widespread adoption of affordable smartphones and cheap data has led to a boom in internet users, primarily on mobile phones. Despite progress in bridging the urban-rural digital gap, a significant gender disparity persists. The paper explores the economic implications and societal challenges related to increasing online users, especially women, while emphasizing its unbiased research approach.

Attribution: Bahree, Megha. The Booming World of India’s Social Media Apps. Report 010, July 2021, Esya Centre.

India's G20 Presidency: Promoting Trust and Inclusivity in a Digital World

Description: This report discusses the G20's evolution as a key global financial forum and its increasing focus on digital technologies. With India set to lead in 2023, it proposes a digital agenda, emphasizing trust-building and reducing the digital divide. Seven focus areas include digital corridors, infrastructure, MSME capacity building, open data, technical cooperation, regional collaboration, and frameworks for emerging technologies like AI and 5G. The aim is to foster international cooperation and inclusive development.

Attribution: Chawdhry, Mohit and Agarwal, Rohan. India’s G20 Presidency: Promoting Trust and Inclusivity in a Digital World. Report Issue 008, May 2021, Esya Centre.

Aligning Labour Reforms with India's Digital Aspirations

This Policy Brief comes on the heels of reports that the Central Government has deferred the implementation of the latest Labour Codes, for want of state-level rules.

The latest labour law reforms of the Modi Government constitute four distinct Codes on (a) wages; (b) social security; (c) industrial relations; and (d) occupational safety, health and working conditions. They were enacted to consolidate and update an obsolete framework.

While the proposed labour reform extends social security benefits to gig workers, its overall implications for the digital economy remain mixed.

The Policy Brief suggests that certain elements of the Codes remain out of sync with key attributes of the digital economy, namely economies of scale, network effects and the importance of momentum.

Moreover, the new labour codes add rigidity, uncertainty and regulatory discretion in terms of hiring, work hours, labour management and firing costs—that will negatively impact the digital economy.

For instance, the Occupational Safety, Health and Working Conditions (“OSHWC”) Code restricts employers from engaging contract labour in their ‘core’ activities.

The Policy Brief concludes with concrete suggestions which can improve the framework’s overall suitability for Digital India.

These suggestions include a strong focus on targeted income support for gig workers and specific measures to operationalise the delivery of benefits for gig workers under the Social Security Code.

Further, the Policy Brief suggests means to reduce regulatory discretion through i) adoption of clear standards and procedures; and ii) promotion of self-certification schemes for digital businesses.

Attribution: Deb, Sidharth and Chawdhry, Mohit. Aligning Labour Reforms with India’s Digital Aspirations. Policy Brief No. 206, April 2021, Esya Centre.

Nine Principles for India's Digital Economy

Global mobile data traffic was around 456 exabytes in 2019, of which India accounted for around 75 exabytes or around 16 percent, according to Ericsson. Around 14 percent of the global population resides in India and, consequently, the country punches slightly above its weight in terms of mobile data consumption. The size of India’s opportunity to unlock value through such consumption is perhaps without parallel in the developing world. This can be achieved through a principles-based framework for governance of information technology (IT). The nine principles detailed in this brief can also aid the design of new-age IT legislation that fosters innovation, competition and growth:

Principle 1: Legal Recognition

Provide adequate legal recognition and clarity to new digital businesses

Principle 2: Level Playing Field

Level the playing field for small digital businesses and entrepreneurs to compete effectively, through deregulation

Principle 3: Risk-Based Regulation

Encourage regulations that are activity-specific and prioritise consumer welfare over state control

Principle 4: Functional Classification of Intermediaries through Co-Regulatory Model

Leverage coregulation to help digital intermediaries evolve, innovate and scale

Principle 5: Transparent and Accountable Self-Regulation

Employ self-regulatory and co-regulatory bodies to offset the need for legacy regulatory constructs.

Principle 6: Platform Neutrality

Ensure that large businesses do not discriminate between equal business partners, and consequently reduce the probabilities of gatekeeping.

Principle 7: Privacy and Security by Design

Promote product and platform design that helps local companies access global markets with low compliance costs.

Principle 8: Fair, Reasonable and Non-Discriminatory (FRAND) Terms

Guide business conduct through the FRAND principle, to minimise the need for economic regulation.

Principle 9: Trust and the Global Internet

Promote the use of standards and protocols that build trust in the internet and leverage the wealth of Indian experience in multi-stakeholder collaboration and open design.

Attribution: “Nine Principles for India’s Digital Economy” Special Report, September 2020, Digital India Foundation and Esya Centre.

Database Regulation: Examining Existing Approaches and Considerations for India

Regulators around the world are scrutinising tech companies—the US, EU, India and other jurisdictions are filing competition lawsuits against large digital platforms, and the EU as part of its digital data strategy recently released drafts of the Digital Services Act, Digital Markets Act, and Data Governance Act on competition, content moderation, platform liability, and other aspects of digital technology. In India the government recently released draft frameworks for non-personal data regulation (the NPD Report) while a Joint Select Committee in Parliament is deliberating on the draft Personal Data Protection Bill, and the government indicates interest in a focus on developing artificial intelligence and related technologies.

Data is at the core of how digital platforms provide the products and services we use today, and is central to their functioning. It also has wider implications, and the transition from a paper-based system to a digital one offers multiple advantages not always related to technology: permitting better management of information, increasing security and efficiency, and providing information and insights to enable better decision making. Data is also being used at an unprecedented scale, in public service delivery, finance, healthcare, transportation, and marketing. A variety of stakeholders are collecting increasing volumes of data, whether personal, non-personal or a combination of the two.

Yet vast amounts of data are not useful in themselves without ways to make sense of them. This is what many emerging technologies do, from machine learning to the wide range of tools named ‘artificial intelligence’—they are methods to analyse and derive value from large volumes of data, and in many cases the way they work improves when given more diverse data to analyse. It is only possible to do so by ordering and organising data into specific formats depending on the intended use: this is the role of a database.

This paper examines how databases are afforded protection and details some key considerations for database regulation in India. It explores database protections in other jurisdictions, primarily the European Union and the United States. Section 1 defines a database, 2 explores the protections afforded by copyright law, 3 examines sui generis or standalone database protections, 4 explores protection by unfair competition laws, 5 examines the protections prevailing in India, and 6 lists emerging considerations and policy recommendations.

Attribution: Aishwarya Giridhar, “Database Regulation: Examining Existing Approaches and Considerations for India,” Special Issue No. 205, Feb. 2021, Esya Centre.

Response to the Second Draft Report by the Committee of Experts on Non-personal Data Governance Framework

We at the Esya Centre are grateful for the opportunity given to us by the Ministry of Electronics and Information Technology (MeitY) to respond to the Committee of Experts’ Report on Non-Personal Data Governance Framework (Report). We appreciate that the Committee has attempted to set out a broad framework that seeks to regulate several facets of the use of Non-Personal Data (NPD) while identifying possible areas of concern. In our suggestions, we engage with the Committee’s key recommendations and identify areas which require greater clarity. We recommend actions that assist in creating effective regulation geared towards achieving defined goals and outcomes. Part I contains the summary of recommendations, and Part II contains a detailed analysis of substantive elements of the Report. We have structured our responses into 4 themes, namely: i) the definition of Non-Personal Data, ii) overlaps with existing proprietary frameworks, iii) community data and HVDs and iv) the regulatory architecture.