Internet Governance Main
-
The report must place greater emphasis and take into consideration the digital divide between the urban and rural population as well as the the gender divide that exists amongst Indian citizens
-
There is a lack of clarity on how the data will be collected and shared between the different systems within the ICJS and for how long will the data be retained.
-
There is a lack of clarity on the rules and regulations surrounding storage of data collected under this project
-
There are a number of key limitations of the proposed technologies (automated courts, virtual courtrooms and online dispute resolution mechanisms) that will limit their effectiveness
-
Increased technological integration would require dedicated efforts to foster public trust in the judicial process.
-
While South Asian countries like Philippines and Thailand are constantly developing strong systems to handle most cases online and transitioning to an e-court system, countries like Vietnam and Indonesia have introduced limited systems for exchange of documents before hearings.
-
The issues reported with the functioning of the e-court system in South Asian nations include insufficient infrastructure and equipment, inadequate training of court personnel, limited IT support, and staff shortages that constrain data encoding and updating of court records.
-
Countries like China and Singapore undertook a deliberative slow uptake process, applying eCourts and technology to judicial hearings sectorally in the beginning to test their effectiveness. Thereafter large-scale implementation of virtual or digital courts and new technologies like - data analytics for caseload prediction in Singapore and China’s e-evidence platform based on blockchain technology - have proved to serve the intended purpose of efficient and effective judicial process with the aid of digital technologies.
-
African countries such as Kenya and Libya have seamlessly transitioned to virtual court systems and e-filings along with other e-services for justice delivery. However, challenges with implementation persist, mainly relating to -
-
● Low internet penetration rates creating a digital divide mainly between the urban and rural areas of Africa.
-
● Power outages, mainly in rural areas of Africa thus creating an impediment to access to justice with respect to virtual hearings in rural areas without electricity backup.
-
● Lack of skills for operating digital judicial systems requiring effective and continuous user-training to operate technologies like Kenya’s Electronic Case Management System (ECMS).
-
● Challenges with complicated digital systems where continuous user platform development is required to simplify processes to access and use systems like online-filing or access to judicial websites so as to make it easy to use for all stakeholders involved.
-
● Need for a singular legislative and regulatory framework prior to adoption, whereby different rules on similar cases in different virtual courts across states causes inter-state judicial splits, an impediment to access to justice
-
C. Recommendations:
- 1. Dedicated programs must be identified and supported to ensure that citizen focused
digitisation takes place so as to not leave any people out of the scope of the judiciary
-
A dedicated regulatory and administrative framework must be published as soon as possible that takes into consideration questions of data storage, data protection and purpose limitation among other considerations. Such a framework must also explicitly call out the limited use cases of technologies like virtual courts.
-
The MHA to codify and specify the regulations with regard to the processing of data through the systems under the ICJS and clear directives on the nature and scope of integration of judicial infrastructure with the ICJS must be provided
-
Studies to be conducted to identify the challenges that may arise when implementing proposals such as virtual or automated courts, virtual courtrooms that use audio visual software and online dispute resolution mechanisms. Such studies would allow for policies to be effectively identified prior to widespread implementation and would significantly reduce the possibility of unintended harms.
-
Identifying measures to improve public trust in the integration of technology within the judiciary through judicial education schemes, etc.
-
Due to varying precedents provided by High Courts and the Supreme Court of the country, there is a requirement for uniform and clear guidelines/directives with respect to the process of electronic evidence management and preservation in India.
-
-
-
-
Application of Data Protection Legislation: Due to the sensitive processing of personal data accompanied with harms arising from unlawful surveillance, such a data exchange and delivery model should not be deployed without an overarching data protection legislation. It is vital that the application of the legislation extends to the model. The Data Protection Authority of India should be able to exercise its investigative, corrective and advisory powers over the functioning and management of the model.
-
Independent Regulator: Oversight over the functioning of the platform should not be vested with the agency that is responsible for the maintenance of the platform to address potential conflict of interest issues. Additional sub - committees based on subject matter expertise for each individual scheme can be set up to assist the regulator, if required. The independent regulator should have strong investigative, corrective and advisory powers for effective oversight over the activities of the platform. Enforcement actions of the regulator should be transparent.
-
Governance: The data fiduciary responsible for the management and operation of the data exchange and delivery platform should be clearly identified. The platform should have valid legislative backing. In case of involvement of private actors, additional safeguards related to the privacy and confidentiality of the data in the platform should be implemented.
-
Data Protection Authority of India and Platform: There should be clear channels of communication between the data protection authority of India and the data fiduciaries managing and accessing the platform for guidance on data protection issues.
-
Grievance Redressal Mechanism: An accessible grievance redressal mechanism should be set up at different points of the service delivery and their existence should be publicised through different mediums. As the platform can act as a single point of failure for multiple schemes, an integration of the redressal mechanisms across multiple schemes should be considered based on existing institutional structures. Multiple channels for receiving complaints must be set up for the citizen’s convenience.
Health IDs: Voluntary or Mandatory?
On August 15, 2020, the prime minister launched the National Digital Health Mission (NDHM) with the objective of improving and streamlining the Indian healthcare system. In December 2020, the Central Government, notified the National Digital Health Mission: Health Data Management Policy (Health Data Policy) seeking to create a digital health ecosystem under the NDHM. A core pillar of the Health Data Policy is to create a unique health identity (UHID) for every Indian citizen.
The Ministry And The Trace: Subverting End-To-End Encryption
A legal and technical analysis of the 'traceability' rule and its impact on messaging privacy.
State of Consumer Digital Security in India
This report attempts to identify the existing state of digital safety in India, with a mapping of digital threats, which will aid stakeholders in identifying and addressing digital security problems in the country. This project was funded by the Asia Foundation.
Comments on the Cinematograph (Amendment) Bill, 2021
In this submission, we examine the constitutionality and legality of the Cinematograph (Amendment) Bill, 2021, which was released by the Ministry of Information and Broadcasting.
Right to Exclusion, Government Spaces, and Speech
The conclusion of the litigation surrounding Trump blocking its critiques on Twitter brings to forefront two less-discussed aspects of intermediary liability: a) if social media platforms could be compelled to ‘carry’ speech under any established legal principles, thereby limiting their right to exclude users or speech, and b) whether users have a constitutional right to access social media spaces of elected officials. This essay analyzes these issues under the American law, as well as draws parallel for India, in light of the ongoing litigation around the suspension of advocate Sanjay Hegde’s Twitter account.
At the Heart of Crypto Investing, There is Tether. But Will its Promise Pan Out?
The $18.5 million fine levied by the New York attorney general’s office earlier this year to settle a legal dispute, raises more questions than answers.
Submission to the Facebook Oversight Board in Case 2021-008-FB-FBR: Brazil, Health Misinformation and Lockdowns
In this note, we answer questions set out by the Board, pursuant to case 2021-008-FB-FBR, which concerned a post made by a Brazilian sub-national health official, and raised questions on health misinformation and enforcement of Facebook's community standards.
On the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
This note examines the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The analysis is consistent with previous work carried out by CIS on issues of intermediary liability and freedom of expression.
A Comparative Analysis of Cryptocurrency Reporting in Financial Statements
The Ministry of Corporate Affairs (MCA) on March 24, 2021, came out with a notification inter alia mandating disclosures of cryptocurrency holdings by companies in their balance sheets. These changes have been effectuated by making requisite amendments to Schedule III of the Companies Act, 2013. The notification specified that companies are now required to report the profit or loss accrued due to trade or investment in any type of cryptocurrency or virtual currency, the amount of cryptocurrency that the company holds on the reporting date, and the deposits or advances from any person that have been made for the purposes of trading or investing in cryptocurrencies or virtual currencies.
The decision on new disclosure requirements comes amidst parliamentary discussions on cryptocurrency and speculations of another attempt at prohibition. Meanwhile, this step has been welcomed by the cryptocurrency industry in India as it signals towards a more positive approach being taken by the government with regards to corporate cryptocurrency transactions in India. Moreover, while it opens up new possibilities of scrutiny of such transactions, this measure will also be beneficial in identifying key policy gaps in cryptocurrency regulation in India when we look at corresponding requirements in foreign jurisdictions.
In this Issue Brief, the policy landscape in the United States of America (USA), United Kingdom (UK), and Japan is discussed and particular emphasis is placed upon definition, accounting practices, and taxation, with respect to cryptocurrencies. It is thus identified that such jurisdictions have taken concrete steps in this regard by providing clear guidance (such as through HMRC’s Cryptoassets Manual and ASBJ’s advisory notification on accounting for cryptocurrencies).
Then, the regulations in India are looked into comprehensively and specific policy recommendations are made, as it is ascertained that no clear steps have been taken in the aspects that have been mentioned above. Although the March MCA Notification is a positive step on corporate cryptocurrency transactions, the following steps are needed further: firstly, a clear and comprehensive definition of cryptocurrency and cryptoassets must be laid down, preferably through a central legislation; secondly, a separate category for cryptocurrencies under the Indian Accounting Standards (Ind AS) should be created; and thirdly, complete guidance on applicable taxes on cryptocurrency transactions, by individuals and corporates, must be provided.
It is thus concluded that while the government is willing to engage with various stakeholders, with positive intent, comprehensive and definitive steps are the need of the hour. This is essential to safeguard the large number of cryptocurrency investors in India, and to quell the uncertainty that is created by speculative measures such as banks declining services for cryptocurrency transactions.
The full issue brief can be read here
CIS Comments on the Phase III of E-Courts draft policy
EXECUTIVE SUMMARY
This submission is a response by the researchers at CIS to the Supreme Court E-committee’s draft vision document of phase III of the E-courts project.
We have put forward the following comments and recommendations based on our analysis of the draft report:
A. General Comments
B. International Comparison
We have comparatively analysed the integration of digital technology into the judiciary in both South Asia and Africa. Having identified their implementation in both these regions we have identified the following trends:
Beyond Public Squares, Dumb Conduits, and Gatekeepers: The Need for a New Legal Metaphor for Social Media
In the past few years, social networking sites have come to play a central role in intermediating the public’s access to and deliberation of information critical to a thriving democracy. In stark contrast to early utopian visions which imagined that the internet would create a more informed public, facilitate citizen-led engagement, and democratize media, what we see now is the growing association of social media platforms with political polarization and the entrenchment of racism, homophobia, and xenophobia.
Regulating Sexist Online Harassment as a Form of Censorship
This paper is part of a series under IT for Change’s project, Recognize, Resist, Remedy: Combating Sexist Hate Speech Online. The series, titled Rethinking Legal-Institutional Approaches to Sexist Hate Speech in India, aims to create a space for civil society actors to proactively engage in the remaking of online governance, bringing together inputs from legal scholars, practitioners, and activists. The papers reflect upon the issue of online sexism and misogyny, proposing recommendations for appropriate legal-institutional responses. The series is funded by EdelGive Foundation, India and International Development Research Centre, Canada.
Community Data and Decisional Autonomy: Dissecting an Indian Legal Innovation for Emerging Economies
Read this paper configuring community data with Indian constitutional jurisprudence by Amber Sinha and Arindrajit Basu
Rethinking Data Exchange & Delivery Models
Executive Summary
In 2020, reports of the government's proposal to create a social registry to update the Socio Economic Caste Census 2011 data started surfacing. Based on the limited information around these proposals in the public domain, it is imperative that adequate consideration be provided to develop such systems in a manner that protects the informational privacy of the individuals. Currently, the proposed Personal Data Protection Bill, 2019 is being deliberated by the Joint Parliamentary Committee and is expected to be tabled in the Monsoon Session of Parliament. The proposed data protection framework is a marked improvement over its predecessor, Section 43A of the Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011. One substantial change in the context of welfare delivery is that the scope of the application of the proposed framework extends to the personal data processing by the government and its agencies.
The objective of the white paper is to examine the application of the proposed data protection provisions on such a welfare delivery model (data exchange and delivery model) and suggest ways to operationalise key provisions. The scope of this white paper is limited to examining the personal data implications of the model and the effective governance of such platforms in India. The paper relies on publicly available details of India’s and other selected countries (Indonesia, Brazil, China, Malawi, Kenya, Estonia) digital infrastructure, proposals, schemes and legal frameworks in relation to welfare delivery in the country. International best practices around implementation of the principles of privacy and openness are analysed to suggest methods to operationalise these requirements in the context of the data exchange and delivery models and the proposed data protection framework of the country.
Based on the global experience of implementing data exchange and delivery models and the best practices for implementation of data protection provisions, following are some of the key recommendations (in addition to discussing ways to operationalise the data protection provisions) for such a platform in the Indian context:
Comments and recommendations to the Guidelines for “Influencer Advertising on Digital Media”
In February, the Advertising Standards Council of India (ASCI) had issued draft rules for regulation of digital influencers, with an aim to "understand the peculiarities of [online] advertisements and the way consumers view them", as well as to ensure that: "consumers must be able to distinguish when something is being promoted with an intention to influence their opinion or behaviour for an immediate or eventual commercial gain". In lieu of this, we presented our responses.
Recommendations for the Covid Vaccine Intelligence Network (Co-Win) platform
The first confirmed case of Covid-19 was recorded in India on January 30, 2020, and India’s vaccination drive started 12 months later on January 16, 2021; with the anxiety and hope that this signals the end of the pandemic. The first phase of the vaccination drive identified healthcare professionals and other frontline workers as beneficiaries. The second phase, which has been rolled out from March 1, covers specified sections of the general population; those above 60 years and those between 45 years and 60 with specific comorbid conditions. The first phase also saw the deployment of the Covid Vaccine Intelligence Network (Co-Win) platform to roll out and streamline the Covid 19 vaccination process. For the purpose of this blog post, the term CoWIn platform has been used to refer to the CoWin App and the CoWin webportal.
During the first phase, it was mandatory for the identified beneficiaries to be registered on the Co-Win App prior to receiving the vaccine. The Central Government had earlier indicated that it would be mandatory for all the future beneficiaries to register on the Co-Win app; however, the Health Ministry hours before the roll out of the second phase tweeted that beneficiaries should use the Co-Win web portal (not the Co-Win app) to register themselves for the vaccine. The App which is currently available on the play store is only for administrators; it will not be available for the general public. Beneficiaries can now access the vaccination by; (i) registering on the CoWin website; or (ii) Certain vaccination (sites) have a walk-in-facility: On-site registration, appointment, verification, and vaccination will all be on-site the same day; or (iii) register and get an appointment for the vaccination through the Aarogya Setu app.
The scale and extent of the global pandemic and the Covid-19 vaccination programme differs significantly from the vaccination/immunisation programmes conducted by India previously, and therefore, the means adopted for conducting the vaccination programme will have to be modified accordingly. However, as several newspaper reports have indicated the roll out of the CoWin platform has not been smooth. There are several glitches; from the user data being incorrectly registered, to beneficiaries not receiving the one time password required to schedule the appointment.
An entirely offline or online method (internet penetration is at 40% ) to register for the vaccine is not feasible and a hybrid model (offline registration and online registration) should be considered. However, the specified platform should take into account the concerns which are currently emanating from the use of Co-Win and make the required modifications.
Privacy Concerns
When the beneficiary uses the Co-Win website to register, she is required to provide certain demographic details such as name, gender, date of birth, photo identity and mobile number. Though Aadhar has been identified as one of the documents that can be uploaded as a photo identity, the Health Ministry in a response to a RTI filed by the Internet Freedom Foundation (IFF) clarified that Aadhaar is nor mandatory for registration either through the Co-Win website or through Aarogya Setu. While, the Government has clarified that the App cannot be used by the general public to register for the vaccination, it still leaves open the question of the status of the personal data of the beneficiaries identified in the first phase of the process, who were registered on the App, and whose personal details were pre-populated on the App. In fact in certain instances, Aadhar details were uploaded on the app as the identity proof, without the knowledge of the beneficiary.
These concerns are exacerbated in the absence of a robust data protection law and with the knowledge that the Co-Win platform (App and the website) does not have a dedicated independent privacy policy. While the Co-Win web portal does not provide any privacy policy, the privacy policy hyperlinked on the App directs the user to the Health Data Policy of the National Health Data Management Policy, 2020. The Central Government approved the Health Data Management Policy on December 14, 2020. It is an umbrella document for all entities operating under the digital health ecosystem.
An analysis of the Health Policy against the key internationally recognised privacy principles which are represented in most data protection frameworks in the world, including the Personal Data Protection Bill, 2019, highlights that the Health Policy does not provide any information on data retention, data sharing and the grievance redressal mechanism. It is important to note that the Health policy has also been framed in the absence of a robust data protection law; the Personal Data Protection Bill is still pending before Parliament.
The Co-WIn website does not provide any separate information on how long the data will be retained, whether the data will be shared and how many ministries/departments have access to the data.
A National Health Policy cannot and should not be used as a substitute for specific independent privacy policies of different apps that may be designed by the Government to collect and process the health data of users. Health Data is recognised as sensitive personal data under the proposed personal data protection bill and should be accorded the highest level of protection. This was also reiterated by the Karnataka High Court in its recent interim order on Aarogya Setu. It held that medical information or data is a category of data to which there is a reasonable expectation of privacy, and “the sharing of health data of a citizen without his/her consent will necessarily infringe his/her fundamental right of privacy under Article 21 of the Constitution of India.”
Link with Aarogya Setu
A beneficiary registered on the Co-Win platform can use the Aarogya Setu App to download their vaccination certificate. Beneficiaries have now also been provided an option to register for vaccination through Aarogya Setu. However, the rationale for linking the two separate platforms is not clear, especially as Aaroya Setu has primarily been deployed as a contact tracing application.
There is no information on whether the data (and to what extent) that is stored in the Co-Win platform will be shared with Aarogya Setu. It is also not clear whether the consent of the beneficiary registered on the Co-Win platform will be obtained again prior to sharing the data or whether registration on the Co-Win platform will be regarded as general consent for sharing the data with Aarogya Setu. This is contrary to the principle of informed consent (i.e the consent has to be unambiguous, specific, informed and voluntary), which a data fiduciary has to comply with prior to obtaining personal data from the data principal. The privacy policy of Aarogya Setu has also not been amended to reflect this change in the purpose of the App.
Co-Win registration as an entry to develop health IDs?
One of the objectives of the Health Data Management Policy is to develop a digital unique health ID for all the citizens. The National Health Data Management Policy states that participation in the National Health Data Ecosystem is voluntary; and the participants will, at any time, have the right to exit from the ecosystem. Currently, the policy has been rolled out on a pilot basis in 6 union territories, namely; Chandigarh, Dadra & Nagar Haveli, Daman & Diu, Puducherry, Ladakh and Lakshadweep. As Health is a state subject under the Indian Constitution, Chhattisgarh has raised concerns about the viability and necessity of the policy, especially in the absence of a robust data protection legislation.
Mr. R.S. Sharma, the Chairperson of the ‘Empowered Group on Technology and Data Management to combat Covid-19’ had in an interview to India Today stated “ “Not just for vaccinations, but the platform will be instrumental in becoming a digital health database for India”. This indicates that this is an initial step towards generating health ID for all the beneficiaries. It would also violate the principle of purpose limitation, that data collected for one purpose (for the vaccine) cannot be reused for another (for the creation of the Digital Health ID system) without an individual’s explicit consent and the option to opt-out.
Conclusion
Given India’s experience and reasonable success with childhood immunisation, there is reasonable confidence that the country has the ability to scale up vaccination. However, the vaccination drive should not be used as a means to set aside the legitimate concerns of the citizens with regard to the mechanism deployed to get pet people to register for the vaccination drive. As a first step it is essential that Co-Win has a separate dedicated privacy policy which conforms to the internationally accepted privacy principles and enumerated in the Personal Data Protection Bill. It is also essential that Co-Win or any other app/digital platform should not be used as a backdoor entry for the government to create unique digital health IDs for the citizens, especially without their consent and in the absence of a robust data protection law.
Regulating Sexist Online Harassment: A Model of Online Harassment as a Form of Censorship
Amber Sinha wrote a paper on regulating sexist online harassment, and how online harassment serves as a form of censorship, for the “Recognize, Resist, Remedy: Addressing Gender-Based Hate Speech in the Online Public Sphere” project, a collaborative project between IT for Change, India and InternetLab, Brazil.
New intermediary guidelines: The good and the bad
In pursuance of the government releasing the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, this blogpost offers a quick rundown of some of the changes brought about the Rules, and how they line up with existing principles of best practices in content moderation, among others.
The Government needs to make sure our emails don't destroy the environment
The Government's data centre policy must be more reflective of energy requirements and sustainable practices to effectively ensure that India's growing digital user base doesn't hurt the environment.
TIkTok: It’s time for Biden to make a decision on his digital policy with China
As the United State's new president comes into office he is faced with creating a cohesive digital relations policy that corrects some of the damage done by his predecessor. This article is the first part of a series analysing his policies and challenges.
Document Actions