With an ever-increasing presence of the Indian populace on the internet, supplemented by a myriad of internet-related activities, a shift from the archaic IT Act was foreseeable. In a recent public presentation, by MEITY made on 9th March, in Bengaluru, was aimed towards presenting the nation with a newly proposed ‘Digital India Act’.
India’s Information Technology Act of 2000 was established as the foundational law to regulate the internet. However, it was formulated during the Web 1.0 era, which had limited societal interaction, low community participation, and no contribution to economic services like banking, finance, education, etc. During this period, the internet was mostly used for basic one-on-one interactions through email services.
In the past two decades, the internet has undergone significant changes and now encompasses almost every aspect of our personal and professional lives. It is now widely used for activities ranging from staying connected with friends and family to online shopping, education, and entertainment.
To achieve the goal of making India a trillion-dollar digital economy and a trusted player in the Global Value Chains for digital products, devices, platforms and solutions, Minister of State and IT, Mr. Rajeev Chandrasekhar, presented the objectives and goals of the proposed Bill. The Bill aims to address these objectives and goals by providing a regulatory framework that supports the growth of digital services and products.
- The Need for the Digital India Act?
Currently, there are approximately 850 million internet users in India, marking a significant increase from the 5.5 million users in 2000. As per the national government, India is the world’s largest “digitally linked democracy.” Nevertheless, the IT Act, which governs the country’s cyberspace, has certain shortcomings in terms of protecting user rights, ensuring trust, and promoting safety, among other issues. Therefore, a new version of the Act is necessary.
Over the years, the internet has witnessed the emergence of intricate cybercrimes, such as online trolling and cyberstalking, and the 23-year-old IT Act is inadequate in addressing these concerns. In addition, while the internet serves as a platform for disseminating information, it has also become a breeding ground for false information and fake news
Some of these grounds can be summarised as:
- The IT Act was put into effect in the year 2000, and subsequent to that, it has undergone multiple revisions and amendments (IT Act Amendment of 2008, IT Rules 2011), with a focus on defining the digital domain that it regulates while according priority to data handling policies.
- Given that the primary objective of the IT Act was to safeguard e-commerce transactions and delineate cybercrime offenses, it inadequately addressed the complexities of the current cybersecurity landscape, including the aspect of data privacy rights.
- If the governing digital laws were not completely replaced, the IT Act’s capacity to combat the growing sophistication and frequency of cyber-attacks would be inadequate.
- The new Digital India Act aspires to function as a driving force for the Indian economy by encouraging innovation and start-ups, alongside according priority to the safety, trust, and accountability of Indian citizens.
- Key Developments Expected from Digital India Act
The proposed framework aims to address the urgent need for a specialized adjudicatory mechanism that can deal with online and criminal offenses. Minister of State and IT, Mr. Rajeev Chandrasekhar, has highlighted the importance of creating such a mechanism to ensure the safety of both digitally literate and novice individuals who use the internet.
Mr. Chandrasekhar has pointed out that other regulatory bodies in different markets have introduced similar mechanisms to address this need. The proposed bill seeks to establish an adjudicatory mechanism that can provide timely remedies to citizens, resolve cyber disputes, and develop a unified cyber jurisprudence to enforce the rule of law online. Additionally, it aims to safeguard innovation and enable the development of emerging technologies such as AI/ML, web3, autonomous systems/robotics, IoT/distributed ledger/block chain, quantum computing, virtual reality/augmented reality, and real-time language translators and natural language processing.
Some of the notable features are as follows:
1. Privacy: The DPA was withdrawn with the aim of introducing a comprehensive framework of privacy rules and regulations that would enforce the rights provided in the Puttaswamy case. However, it remains uncertain whether the DIA will incorporate provisions for privacy compliances, data principal rights, data sharing, confidentiality, and other security standards, as a separate data protection law may be introduced to regulate these aspects.
2. Social Media Platforms: The DIA aims to regulate social media platforms. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 require intermediaries to act promptly to remove illegal content, disclose information to law enforcement authorities, and report cyber security incidents. These obligations apply to all intermediaries.
In addition, significant social media intermediaries (SSMIs) with over 50 lakh / five million registered users in India must comply with additional obligations. These include appointing resident officers, publishing periodic compliance reports, and using automated tools to identify sensitive material.
3. OTT Platform Regulations: According to reports, the DIA seeks to regulate over-the-top (OTT) platforms, which is not currently covered by the IT Act. To ensure effective regulation, it is important to consider the presence of dual regulators – MEITY and the Ministry of Information & Broadcasting (MIB) – and minimize jurisdictional overlaps or conflicts. The regulation should also promote self-regulation and governance by these platforms, with oversight by the ministries, in line with the provisions under the Rules.
4. Categorization of Internet Intermediaries: The DIA presents an opportunity for the government to acknowledge that internet intermediaries cannot be categorized under a uniform set of rules. Instead, they should be classified and subjected to differential obligations based on their roles, such as internet access providers and hosting providers, which play a more passive role. On the other hand, social media platforms and messaging services are more actively engaged with users and should be subject to different obligations.
5. Acknowledging More Offences and Limitations: Although it is commendable to introduce new offenses like doxing and deliberate spreading of misinformation, it is crucial that these provisions are clearly defined to avoid misinterpretation or misuse. Provisions relating to misinformation must also protect platforms that do not exercise decisional control over content. A strong set of technical and legal requirements should be implemented to safeguard the digital space in India, without compromising citizen rights, digital economy or foreign relations.
6. Revised and Improved Legislation: The DIA offers a chance to address ambiguity and rethink optimal approaches in response to technological advancements and innovation. This includes areas like the legitimacy of digital signatures, standards of evidence for electronic records, and establishing more effective methods for resolving violations in addition to crimes.
7. Conducive to Emerging Technologies: The DIA could have provisions to regulate emerging technologies like artificial intelligence and internet of things, and address associated regulatory concerns. The legislation should also take into account the impact of advancements in robotics, hyper-automation, decision-intelligence, and internet of bodies, and establish a flexible framework to govern these technologies. The framework should prioritize protecting individual rights and user autonomy while fostering innovation and digital economic growth.
8. Harmonized Compositions: The proposed legislation should be consistent with current and upcoming sector-specific regulations that have an overlap in the digital domain of electronics and information technology.
9. Safe Harbour Principle: The DIA is expected to amend the safe harbour principle established under Section 79 of the IT Act for intermediaries. The protection from liability under the new regime is anticipated to be conditional upon the intermediaries’ adherence to specific obligations related to hosting third-party information, which may differ for various types of intermediaries.
- Tsaaro for your DIA Queries
As a consultancy firm specializing in data security and privacy, Tsaaro can assist businesses in navigating the new proposed DIA act by providing advisory services on compliance with the regulations. This could include conducting gap assessments, reviewing existing privacy policies and procedures, developing a roadmap for compliance, and providing ongoing support and guidance on evolving regulations. Additionally, Tsaaro can provide training and awareness sessions to employees to ensure they are aware of the new regulations and their responsibilities. Tsaaro’s risk-based approach can help businesses prioritize their efforts and investments towards the areas of highest risk, thereby ensuring maximum protection of sensitive data and minimizing the risk of regulatory penalties.
The proposed introduction of the DIA presents an opportunity for India to regulate its digital space in a more comprehensive and effective manner. The DIA is expected to address several uncertainties surrounding the existing regulatory framework, introduce new provisions to govern emerging technologies, and modify the safe harbour principle for intermediaries. However, it is important to ensure that the legislation is well-defined, does not adversely impact individual rights or the growth of the digital economy, and is harmonious with existing and future sectoral regulations. Overall, a balanced approach that preserves respect for individual rights while promoting innovation is necessary to ensure the success of the DIA in regulating India’s digital space.
Looking for expert guidance on data security and privacy in light of the proposed DIA? Let Tsaaro help you, visit: https://tsaaro.com/