tl;dr
The Ministry of Electronics and Information Technology (“MeitY”) recently appointed Shri S. Krishnan to the post of Secretary. IFF wrote to him, welcoming him to his new role, and intending to foster a mutually enriching relationship between civil society and the Ministry. We highlighted our areas of work and underscored our past engagement with MeitY on various issues, while offering support and assistance in advancing digital rights in a way that champions constitutional rights at its core.
Our submissions
Digital technologies are deeply ingrained into the lives of everyday Indians. MeitY, through informed and transparent policy decisions, can play a vital role in protecting user interest and safeguarding our informational privacy. IFF has engaged with Meity on a number of issues over the years. With the appointment of a new secretary, we took the opportunity to write to him recounting our work generally and in specific to the MeitY, and indicate our interest in building a mutually enriching (and productive) relationship between civil society organisations and policymakers. Through continued engagement, we hope that the new secretary can empathise and align with our mission to defend online freedom, privacy and innovation. Some pressing concerns that we highlighted in our letter are as below.
The “Digital India Act”
The ‘soon-to-come’ “Digital India Act” (“DIA”), slated to replace the Information Technology (“IT”) Act, 2000, has been a subject of intense discussion and speculation the last few quarters. MeitY is yet to open it up for public consultation.
In November 2022, we specifically raised concerns to MeitY on the need to announce a truly open and public consultation process before bringing in a law such as the “DIA” that would affect ordinary Indians. Moreover, we urged the Ministry to first address existing lacunae and inadequacies of the IT Act, 2000 before attempting to replace it, so that the new law does not replicate them. We have been pointedly requesting them to collaborate with multiple and diverse stakeholders and work towards building a statutory framework that safeguards the user through an open, transparent and deliberate public consultation.
One of our suggestions urges MeitY to publish a white paper underlining their intent with the “DIA” and conduct broad-based stakeholder consultations around it before such a law is brought to the parliament. The white paper or discussion paper should include, but not be limited to, a clear articulation of the issues, risks or harms considered by the government, the results and analysis of any cost-benefit analysis undertaken by the government, the options or alternatives considered by the government to deal with these issues and their position on each of them, and so on. Further, we reiterated that the new digital legal framework should be based on constitutional principles, enshrining constitutionally guaranteed fundamental rights.
The Digital Personal Data Protection Act
We have made similar remarks to the Ministry on the recent Digital Personal Data Protection Act, 2023 (“DPDPA”), which was also introduced without due consideration to the Pre-legislative Consultation Policy (“PLCP”), 2014, which mandates releasing a law for public comment before introducing it in the parliament. We requested MeitY to respect the precedents for public consultations set in the past, including provisions to send comments/submissions within a reasonable duration (no less than 30 days), making the comments publicly available and allowing for counter comments. Disappointingly, the DPDPA was passed without adequate engagement. In addition to this, we echoed concerns flagged by members of parliament that the Act was passed without due consideration to parliamentary rules and procedure, including a version of it being studied by the Parliamentary Standing Committee on Communications and Information Technology without first introducing it in the parliament and formally referring it to the committee.
On the DPDPA, we pointed the Ministry towards our first read of the Act and the glaring issues we identified with some provisions thereof. The Act excludes from its ambit any publicly available personal data, which makes data principles vulnerable to online scraping. It has weak notice requirements for data sharing, storage or transfer, and worryingly imposes duties and penalties on data principles. The Act is replete with vague or indefinite provisions – processing of data without consent is allowed for “certain legitimate uses” which is not adequately defined, cross-border data transfer is allowed on vague terms and only to countries not specified in a ‘blocklist’, which will be notified, and in many instances in the Act, enforcement is left up to rules that will be notified later by the centre. Additionally, sweeping exemptions may be awarded to the Union Government and private actors, through rules. The right to information has been diluted and the Act fails to provide safeguards against overbroad surveillance. The Data Protection Board, a statutory body slated to oversee the implementation of the Act, may not be an independent, neutral and impartial body, and is empowered to direct the Union Government to block access to information in public interest.
These are our ongoing concerns with the DPDPA, 2023 which will see continued advocacy efforts from our end. IFF has submitted detailed comments to all the former iterations of the Act as well, reflecting similar points. We requested MeitY to take these into account before proceeding with the Act and continue to engage with civil society to introduce necessary changes and safeguards to the Act.
Consultation process frictions
We, at IFF, strongly advocate for an open and fair pre-legislative public consultation process, and have been monitoring past instances wherein MeitY has not adopted consistent or transparent practices for public consultations. For one, there have been instances where the Ministry has released policies and guidelines, only to withdraw them shortly after, or make changes to the consultation process without due reasons or impetus. On June 01, 2022, MeitY published a notice seeking comments on the proposed draft amendments to the IT Rules, 2021, and draft ‘Guidelines for the Anonymisation of Data’ were released for public consultation in August, 2022. In February 2022, MeitY published the ‘Draft India Data Accessibility & Use Policy, 2022’ to which substantial changes were made during the consultation period without any public acknowledgement – an issue we wrote to them extensively about. We once again pointed to the Ministry that such errors and recalls during the consultation process significantly affect its quality and sanctity.
Further, we recently wrote to MeitY requesting that the process of submitting comments to the Draft National Strategy on Robotics be made easier. Comments on the draft are being invited through the MyGov portal with restrictions such as an OTP authentication barrier, two-comment limit, 5000 character limit, language barriers and format restrictions. We noted that such limitations on public consultations are unnecessary and undermine the public’s ability to meaningfully engage with the strategy. While acknowledging MeitY’s efforts to make the consultation process quick and convenient by hosting it on the MyGov platform, we issued specific and actionable recommendations to make it even more accessible.
Such restrictive practices and arbitrary actions reduce public trust in the policy consultation process and make it harder for interested stakeholders to meaningfully engage with the government. We (once again) place our hopes in MeitY – that they will soon establish mechanisms to curb such errors and ensure that the public consultation process for upcoming policies is genuine, open, transparent, inclusive and deliberative.
Internet restrictions and content blocking
We, at IFF, work towards preserving free speech on the internet, and push back against any attempt at arbitrary censorship or content takedowns. In March 2023, an internet shutdown was put into effect for nearly 27 million people by the Government of Punjab in response to the Punjab Police’s operation to arrest Amritpal Singh. Social media accounts of journalists, activists, and civil society organisations within and outside India were arbitrarily identified and blocked for all four days of the internet shutdown. We wrote to MeitY flagging that the reasons for withholding these accounts were not made public, and it remained unclear whether blocking orders were provided to the affected persons, and whether an opportunity to be heard was provided before issuing such blocking orders. We reminded the Ministry that arbitrary blocking is harmful not only for operational transparency but also for India’s democratic ethos. MeitY is empowered to block information only if it is necessary to do so in limited contexts, while adopting transparency in exercising such powers. Blocking orders must be furnished to the affected persons, and made public to ensure transparent and accountable exercise of powers.
In the past, we have made similar requests to MeitY as well as the Department of Telecommunications (“DoT”) to publish executive orders issued to Internet Service Licensees for blocking URLs. We were disappointed to note that neither the court orders containing directions for blocking URLs that were issued to various Internet Service Licensees, nor judicial orders for blocking notifications/ instructions, were published on the MeitY website. The DoT, fortunately, has uploaded both orders to its website proactively.
Disclosure of the court orders not only ensures transparency and fairness, but also fosters public trust in the public authorities that are constrained to block websites in accordance with law. As the nodal ministry for the implementation of the IT Act, 2000, we urged MeitY to put into place a structure under which these orders can be proactively disclosed. In this age of digital communication, protecting online speech has become extremely vital as it is a vessel for expressing democratic opinion. One way this can be done is by proactively making public the reasons for blocking specific websites.
Civil society engagement
Considering our sustained engagement with and interest in many issues in MeitY’s roster, we requested the Ministry to engage with civil society stakeholders such as IFF, and invite them to public consultations and conversations such as the ongoing ‘Digital India Dialogues’. We reminded them of the many times we have urged them to invite stakeholders specifically for meetings or public consultations regarding the “Digital India Act” and the DPDPA, 2023 (see our letters here, here, here and here). Further, we pointed out to them that such public consultations must remain truly open and accessible to the public and no person is denied participation, regardless of their affiliation or status. The combined efforts and voices of civil society can assist MeitY in developing robust governance frameworks for India’s digital revolution – so, we requested the Ministry to engage with civil society in good faith, and invite us for meaningful dialogues moving forward.
Important documents:
- IFF’s letter of welcome to the MeitY Secretary (link)
- IFF’s letter to MeitY requesting an open public consultation process for the draft Digital India Bill and draft Digital Personal Data Protection Bill (link)
- IFF’s first read of the Digital Data Protection Bill, 2023 (link)
- IFF’s letter to Meity on the Draft National Strategy on Robotics (link)