Centre for Internet and Society

Digital Rights and ISP Accountability in India: An Analysis of Policies and Practices

Anubha Sinha, Yesha Tshering Paul, and Sherina Poyyail — 2025-01-23T10:04:44Z

This report presents a comprehensive evaluation of India's four largest Internet Service Providers (ISPs)—Reliance Jio, Bharti Airtel, Vodafone-Idea (Vi), and BSNL—examining their commitment to digital rights and transparency.

Read the full report here.

India's four largest Internet Service Providers (ISPs)—Reliance Jio, Bharti Airtel, Vodafone-Idea (Vi), and BSNL collectively serve 98% of India's internet subscribers, with Jio and Airtel commanding a dominant market share of 80.87%. The assessment comes at a critical juncture in India's digital landscape, marked by a 279.34% increase in internet subscribers from 2014 to 2024, alongside issues such as proliferation of internet shutdowns.

Adapting the Ranking Digital Rights' (RDR) 2022 methodology framework for its 2022 Telco Giants Scorecard, our analysis reveals significant disparities in governance structures and commitment to digital rights across these providers. Bharti Airtel emerges as the leader in governance framework implementation, maintaining dedicated human rights policies and board-level oversight. In contrast, Vi and Jio demonstrate mixed results with limited explicit human rights commitments, while BSNL exhibits the weakest governance structure with minimal human rights considerations. Notably, all ISPs lack comprehensive human rights impact assessments for their advertising and algorithmic systems.

The evaluation of freedom of expression commitments reveals systematic inadequacies across all providers. Terms and conditions are frequently fragmented and difficult to access, while providers maintain broad discretionary powers for account suspension or termination without clear appeal processes. There is limited transparency regarding content moderation practices and government takedown requests, coupled with insufficient disclosure about algorithmic decision-making systems that affect user experiences.

Privacy practices among these ISPs show minimal evolution since previous assessments, with persistent concerns about policy accessibility and comprehension. The investigation reveals limited transparency regarding algorithmic processing of personal data, widespread sharing of user data with third parties and government agencies, and inadequate user control over personal information. None of the evaluated ISPs maintain clear data breach notification policies, raising significant concerns about user data protection.

The concentrated market power of Jio and Airtel, combined with weak digital rights commitments across the sector, raises substantial concerns about the state of user privacy and freedom of expression in India's digital landscape. The lack of transparency in website blocking and censorship, inconsistent implementation of blocking orders, limited accountability in handling government requests, insufficient protection of user rights, and inadequate grievance redressal mechanisms emerge as critical areas requiring immediate attention.

As India continues its rapid digital transformation, our findings underscore the urgent need for both regulatory intervention and voluntary industry reforms. The development of standardised transparency reporting, strengthened user rights protections, and robust accountability mechanisms will be crucial in ensuring that India's digital growth aligns with fundamental rights and democratic values.

For more details visit https://cis-india.org/internet-governance/blog/digital-rights-and-isp-accountability-in-india-an-analysis-of-policies-and-practices

Recommendations for the Covid Vaccine Intelligence Network (Co-Win) platform

Pallavi Bedi — 2021-03-25T13:14:46Z

The first confirmed case of Covid-19 was recorded in India on January 30, 2020, and India’s vaccination drive started 12 months later on January 16, 2021; with the anxiety and hope that this signals the end of the pandemic. The first phase of the vaccination drive identified healthcare professionals and other frontline workers as beneficiaries. The second phase, which has been rolled out from March 1, covers specified sections of the general population; those above 60 years and those between 45 years and 60 with specific comorbid conditions. The first phase also saw the deployment of the Covid Vaccine Intelligence Network (Co-Win) platform to roll out and streamline the Covid 19 vaccination process. For the purpose of this blog post, the term CoWIn platform has been used to refer to the CoWin App and the CoWin webportal.

During the first phase, it was mandatory for the identified beneficiaries to be registered on the Co-Win App prior to receiving the vaccine. The Central Government had earlier indicated that it would be mandatory for all the future beneficiaries to register on the Co-Win app; however, the Health Ministry hours before the roll out of the second phase tweeted that beneficiaries should use the Co-Win web portal (not the Co-Win app) to register themselves for the vaccine. The App which is currently available on the play store is only for administrators; it will not be available for the general public. Beneficiaries can now access the vaccination by; (i) registering on the CoWin website; or (ii) Certain vaccination (sites) have a walk-in-facility: On-site registration, appointment, verification, and vaccination will all be on-site the same day; or (iii) register and get an appointment for the vaccination through the Aarogya Setu app.

The scale and extent of the global pandemic and the Covid-19 vaccination programme differs significantly from the vaccination/immunisation programmes conducted by India previously, and therefore, the means adopted for conducting the vaccination programme will have to be modified accordingly. However, as several newspaper reports have indicated the roll out of the CoWin platform has not been smooth. There are several glitches; from the user data being incorrectly registered, to beneficiaries not receiving the one time password required to schedule the appointment.

An entirely offline or online method (internet penetration is at 40% ) to register for the vaccine is not feasible and a hybrid model (offline registration and online registration) should be considered. However, the specified platform should take into account the concerns which are currently emanating from the use of Co-Win and make the required modifications.

Privacy Concerns

When the beneficiary uses the Co-Win website to register, she is required to provide certain demographic details such as name, gender, date of birth, photo identity and mobile number. Though Aadhar has been identified as one of the documents that can be uploaded as a photo identity, the Health Ministry in a response to a RTI filed by the Internet Freedom Foundation (IFF) clarified that Aadhaar is nor mandatory for registration either through the Co-Win website or through Aarogya Setu. While, the Government has clarified that the App cannot be used by the general public to register for the vaccination, it still leaves open the question of the status of the personal data of the beneficiaries identified in the first phase of the process, who were registered on the App, and whose personal details were pre-populated on the App. In fact in certain instances, Aadhar details were uploaded on the app as the identity proof, without the knowledge of the beneficiary.

These concerns are exacerbated in the absence of a robust data protection law and with the knowledge that the Co-Win platform (App and the website) does not have a dedicated independent privacy policy. While the Co-Win web portal does not provide any privacy policy, the privacy policy hyperlinked on the App directs the user to the Health Data Policy of the National Health Data Management Policy, 2020. The Central Government approved the Health Data Management Policy on December 14, 2020. It is an umbrella document for all entities operating under the digital health ecosystem.

An analysis of the Health Policy against the key internationally recognised privacy principles which are represented in most data protection frameworks in the world, including the Personal Data Protection Bill, 2019, highlights that the Health Policy does not provide any information on data retention, data sharing and the grievance redressal mechanism. It is important to note that the Health policy has also been framed in the absence of a robust data protection law; the Personal Data Protection Bill is still pending before Parliament.

The Co-WIn website does not provide any separate information on how long the data will be retained, whether the data will be shared and how many ministries/departments have access to the data.

A National Health Policy cannot and should not be used as a substitute for specific independent privacy policies of different apps that may be designed by the Government to collect and process the health data of users. Health Data is recognised as sensitive personal data under the proposed personal data protection bill and should be accorded the highest level of protection. This was also reiterated by the Karnataka High Court in its recent interim order on Aarogya Setu. It held that medical information or data is a category of data to which there is a reasonable expectation of privacy, and “the sharing of health data of a citizen without his/her consent will necessarily infringe his/her fundamental right of privacy under Article 21 of the Constitution of India.”

Link with Aarogya Setu

A beneficiary registered on the Co-Win platform can use the Aarogya Setu App to download their vaccination certificate. Beneficiaries have now also been provided an option to register for vaccination through Aarogya Setu. However, the rationale for linking the two separate platforms is not clear, especially as Aaroya Setu has primarily been deployed as a contact tracing application.

There is no information on whether the data (and to what extent) that is stored in the Co-Win platform will be shared with Aarogya Setu. It is also not clear whether the consent of the beneficiary registered on the Co-Win platform will be obtained again prior to sharing the data or whether registration on the Co-Win platform will be regarded as general consent for sharing the data with Aarogya Setu. This is contrary to the principle of informed consent (i.e the consent has to be unambiguous, specific, informed and voluntary), which a data fiduciary has to comply with prior to obtaining personal data from the data principal. The privacy policy of Aarogya Setu has also not been amended to reflect this change in the purpose of the App.

Co-Win registration as an entry to develop health IDs?

One of the objectives of the Health Data Management Policy is to develop a digital unique health ID for all the citizens. The National Health Data Management Policy states that participation in the National Health Data Ecosystem is voluntary; and the participants will, at any time, have the right to exit from the ecosystem. Currently, the policy has been rolled out on a pilot basis in 6 union territories, namely; Chandigarh, Dadra & Nagar Haveli, Daman & Diu, Puducherry, Ladakh and Lakshadweep. As Health is a state subject under the Indian Constitution, Chhattisgarh has raised concerns about the viability and necessity of the policy, especially in the absence of a robust data protection legislation.

Mr. R.S. Sharma, the Chairperson of the ‘Empowered Group on Technology and Data Management to combat Covid-19’ had in an interview to India Today stated “ “Not just for vaccinations, but the platform will be instrumental in becoming a digital health database for India”. This indicates that this is an initial step towards generating health ID for all the beneficiaries. It would also violate the principle of purpose limitation, that data collected for one purpose (for the vaccine) cannot be reused for another (for the creation of the Digital Health ID system) without an individual’s explicit consent and the option to opt-out.

Conclusion

Given India’s experience and reasonable success with childhood immunisation, there is reasonable confidence that the country has the ability to scale up vaccination. However, the vaccination drive should not be used as a means to set aside the legitimate concerns of the citizens with regard to the mechanism deployed to get pet people to register for the vaccination drive. As a first step it is essential that Co-Win has a separate dedicated privacy policy which conforms to the internationally accepted privacy principles and enumerated in the Personal Data Protection Bill. It is also essential that Co-Win or any other app/digital platform should not be used as a backdoor entry for the government to create unique digital health IDs for the citizens, especially without their consent and in the absence of a robust data protection law.

For more details visit https://cis-india.org/internet-governance/blog/an-analysis-of-the-covid-vaccine-intelligence-network-co-win-platform

Comments to National Digital Health Mission: Health Data Management Policy

Shweta Mohandas, Pallavi Bedi, Shweta Reddy, and Saumyaa Naidu — 2020-10-05T15:56:51Z

CIS has submitted comments to the National Health Data Management Policy. We welcome the opportunity provided to our comments on the Policy and we hope that the final Policy will consider the interests of all the stakeholders to ensure that it protects the privacy of the individual while encouraging a digital health ecosystem.

Read the full set of comments here.

For more details visit https://cis-india.org/internet-governance/blog/comments-to-national-digital-health-mission-health-data-management-policy

Mapping Web Censorship & Net Neutrality Violations

pranav — 2020-10-05T07:59:47Z

For over a year, researchers at the Centre for Internet and Society have been studying website blocking by internet service providers (ISPs) in India. We have learned that major ISPs don’t always block the same websites, and also use different blocking techniques. To take this study further, and map net neutrality violations by ISPs, we need your help. We have developed CensorWatch, a research tool to collect empirical evidence about what websites are blocked by Indian ISPs, and which blocking methods are being used to do so. Read more about this project (link), download CensorWatch (link), and help determine if ISPs are complying with India’s net neutrality regulations.

Learn more about website blocking in India, through our recent work on the issue —

Using information from court orders, user reports, and government orders, and running network tests from six ISPs, Kushagra Singh, Gurshabad Grover and Varun Bansal presented the largest study of web blocking in India. Through their work, they demonstrated that major ISPs in India use different techniques to block websites, and that they don’t block the same websites (link).
Gurshabad Grover and Kushagra Singh collaborated with Simone Basso of the Open Observatory of Network Interference (OONI) to study HTTPS traffic blocking in India by running experiments on the networks of three popular Indian ISPs: ACT Fibernet, Bharti Airtel, and Reliance Jio (link).
For The Leaflet, Torsha Sarkar and Gurshabad Grover wrote about the legal framework of blocking in India — Section 69A of the IT Act and its rules. They considered commentator opinions questioning the constitutionality of the regime, whether originators of content are entitled to a hearing, and whether Rule 16, which mandates confidentiality of content takedown requests received by intermediaries from the Government, continues to be operative (link).
In the Hindustan Times, Gurshabad Grover critically analysed the confidentiality requirement embedded within Section 69A of the IT Act and argued how this leads to internet users in India experiencing arbitrary censorship (link).
Torsha Sarkar, along with Sarvjeet Singh of the Centre for Communication Governance (CCG), spoke to Medianama delineating the procedural aspects of section 69A of the IT Act (link).
Arindrajit Basu spoke to the Times of India about the geopolitical and regulatory implications of the Indian government’s move to ban fifty-nine Chinese applications from India (link).

For more details visit https://cis-india.org/internet-governance/blog/mapping-web-censorship-net-neutrality-violations

Fundamental Right to Privacy — Three Years of the Puttaswamy Judgment

pranav — 2020-08-24T07:46:10Z

Today marks three years since the Supreme Court of India recognised the fundamental right to privacy, but the ideals laid down in the Puttaswamy Judgment are far from being completely realized. Through our research, we invite you to better understand the judgment and its implications, and take stock of recent issues pertaining to privacy.

Amber Sinha dissects the Puttaswamy Judgment through an analysis of the sources, scope and structure of the right, and its possible limitations. [link]

Through a visual guide to the fundamental right to privacy, Amber Sinha and Pooja Saxena trace how courts in India have viewed the right to privacy since Independence, explain how key legal questions were resolved in the Puttaswamy Judgement, and provide an account of the four dimensions of privacy — space, body, information and choice — recognized by the Supreme Court. [link]

Based on publicly available submissions, press statements, and other media reports, Arindrajit Basu and Amber Sinha track the political evolution of the data protection ecosystem in India, on EPW Engage. They discuss how this has, and will continue to impact legislative and policy developments. [link]

For the AI Policy Exchange, Arindrajit Basu and Siddharth Sonkar examine the Automated Facial Recognition Systems (AFRS), and define the key legal and policy questions related to privacy concerns around the adoption of AFRS by governments around the world. [link]

Over the past decade, reproductive health programmes in India have been digitising extensive data about pregnant women. In partnership with Privacy International, we studied the Mother and Child Tracking system (MCTS), and Ambika Tandon presents the impact on the privacy of mothers and children in the country. [link]

While the right to privacy can be used to protect oneself from state surveillance, Mira Swaminathan and Shubhika Saluja write about the equally crucial problem of lateral surveillance — surveillance that happens between individuals, and within neighbourhoods, and communities — with a focus on this issue during the COVID-19 crisis. [link]

Finally, take a dive into the archives of the Centre for Internet and Society to read our work, which was cited in the Puttaswamy judgment — essays by Ashna Ashesh, Vidushi Marda and Bhairav Acharya that displaced the notion that privacy is inherently a Western concept, by attempting to locate the constructs of privacy in Classical Hindu [link], and Islamic Laws [link]; and Acharya’s article in the Economic and Political Weekly, which highlighted the need for privacy jurisprudence to reflect theoretical clarity, and be sensitive to unique Indian contexts [link].

For more details visit https://cis-india.org/internet-governance/blog/fundamental-right-to-privacy-three-years-of-the-puttaswamy-judgment

Comments on NITI AAYOG Working Document: Towards Responsible #AIforAll

Shweta Mohandas, Arindrajit Basu and Ambika Tandon — 2020-08-18T06:25:18Z

The NITI Aayog Working Document on Responsible AI for All released on 21st July 2020 serves as a significant statement of intent from NITI Aayog, acknowledging the need to ensure that any conception of “Responsible AI” must fulfill constitutional responsibilities, incorporated through workable principles. However, as it is a draft document for discussion, it is important to highlight next steps for research and policy levers to build upon this report.

Read our comments in their entirety here.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-niti-aayog-working-document-towards-responsible-aiforall

Towards Algorithmic Transparency

Radhika Radhakrishnan, and Amber Sinha — 2020-07-15T13:16:44Z

This policy brief examines the issue of transparency as a key ethical component in the development, deployment, and use of Artificial Intelligence.

This brief proposes a framework that seeks to overcome the challenges in preserving transparency when dealing with machine learning algorithms, and suggests solutions such as the incorporation of audits, and ex ante approaches to building interpretable models right from the design stage. Read the full report here.

The Regulatory Practices Lab at CIS aims to produce regulatory policy suggestions focused on India, but with global application, in an agile and targeted manner and to promote transparency around practices affecting digital rights.
The Regulatory Practices Lab is supported by Google and Facebook.

For more details visit https://cis-india.org/internet-governance/blog/towards-algorithmic-transparency

After the Lockdown

Shyam Ponappa — 2020-04-09T10:05:49Z

This post was first published in the Business Standard, on April 2, 2020.

This is a time when, as the authorities deal with a lockdown, there needs to be an equal emphasis on providing for large numbers of people without the money for food and necessities, while the rest of us wait it out. Hard as it is, an MIT scholar writes that after the Spanish flu in 1918, cities that restricted public gatherings sooner and longer had fewer fatalities, and emerged with stronger economic growth.1 It is likely that costs and benefits vary with economic and social capacity, and we may have a harder time with it here. Going forward, government action to help provide relief, rehabilitate people and deal with loss needs to be well planned, including targeting aid to the urban and displaced poor.2

As important now as to ensure the lockdown continues is to plan on how to revive productive activity and the economy, and restore public confidence. A systematic approach will likely yield better results.

A major element of the recovery plan is steps such as liberal credit and amortisation terms, perhaps much more than the three-month extension the Reserve Bank of India (RBI) has announced. A primary purpose is the re-initiation of large-scale activities such as construction, of which there are reportedly about 200,000 large projects around the country. These have to be nursed back to being going concerns. The RBI may need to consider doing more, including lowering rates.

An ominous development that has grown as the economy slowed is financial stress that could swell non-performing assets (NPAs). At the half-year ending September 2019, about half of non-financial large corporations in India, excluding telecom, showed financial stress (see table).

Source: Krishna Kant: "Coronavirus shutdown puts Rs 15-trillion debt at risk, to impact finances", BS, March 30, 2020:

https://www.business-standard.com/article/markets/coronavirus-shutdown-puts-rs-15-trillion-debt-at-risk-to-impact-finances-120032901036_1.html

These include some of India’s largest companies, producing power, steel, and chemicals. The 201 companies have total debt of nearly Rs 15 trillion, more than half of all borrowings. There is also the debt overhang of the National Highways Authority of India, and of the telecom companies. Ironically, the telecom companies are our lifeline now, despite having nearly collapsed under debt because of ill-advised policies in the past, which have still not changed. Perhaps our obvious dependence telecom services now will spark well conceived, convergent policies for this sector, so that we can function effectively.

A start with immediate changes in administrative rules for 60GHz, 70-80GHz, and 500-700MHz wireless use, modelled on the US FCC regulations as was done for the 5GHz Wi-Fi in October 2018, could change the game. It will provide the opportunity in India for the innovation of devices, their production, and use, possibly unleashing this sector. This can help offset our reliance on imported technology and equipment. However, such changes in policies and purchasing support have eluded us thus far. Now, the only way our high-technology manufacturers can thrive is to succeed internationally, in order to be able to sell to the domestic market. Imagine how hard that might be, and you begin to get an inkling of why we have few domestic product champions, struggling against odds in areas such as optical switches, networking equipment, and wireless devices. For order-of-magnitude change, however, structural changes need to be worked out in consultation with operators in the organisation of services through shared infrastructure.

For the longer term, a fundamental reconsideration for allocating resources is needed through coherent, orchestrated policy planning and support. What the government can do as a primary responsibility, besides ensuring law and order and security, is to develop our inadequate and unreliable infrastructure, including facilities and services that enable efficient production clusters, their integrated functioning, and skilling. For instance, Apple’s recent decision against moving iPhone production from China to India was reportedly because similar large facilities (factories of 250,000) are not feasible here, and second, our logistics are inadequate. Such considerations should be factored into our planning, although Apple may well have to revisit the very sustainability of the concept of outsize facilities that require the sort of repressive conditions prevailing in China. However, we need not aim for building unsustainable mega-factories. Instead, a more practical approach may be to plan for building agglomerations of smaller, sustainable units, that can aggregate their activity and output effectively and efficiently. Such developments could form the basis of numerous viable clusters, and where possible, capitalise on existing incipient clusters of activities. Such infrastructure needs to be extended to the countryside for agriculture and allied activities as well, so that productivity increases with a change from rain-fed, extensive cultivation to intensive practices, with more controlled conditions.

The automotive industry, the largest employer in manufacturing, provides an example for other sectors. It was a success story like telecom until recently, but is now floundering, partly because of inappropriate policies, despite its systematic efforts at incorporating collaborative planning and working with the government. It has achieved the remarkable transformation of moving from BS-IV to BS-VI emission regulations in just three years, upgrading by two levels with an investment of Rs 70,000 crore, whereas European companies have taken five to six years to upgrade by one level. This has meant that there was no time for local sourcing, and therefore heavy reliance on global suppliers, including China. While the collaborative planning model adopted by the industry provides a model for other sectors, the question here is, what now. In a sense, it was not just the radical change in market demand with the advent of ridesharing and e-vehicles, but also the government’s approach to policies and taxation that aggravated its difficulties.

Going forward, policies that are more congruent in terms of societal goals, including employment that support the development of large manufacturing opportunities, need to be thought through from a perspective of aligning and integrating objectives (in this case, transportation). Areas such as automotive and other industries for the manufacture of road and rail transport vehicles need to be considered from the perspective of reconfiguring the purpose, flow, and value-added, to achieve both low-cost, accessible mass transport, and vehicles for private use that complement transportation objectives as also employment and welfare.

Systematic and convergent planning and implementation across sectors could help achieve a better revival.

Shyam (no space) Ponappa at gmail dot com

1: https://www.reuters.com/article/us-health-coronavirus-usa-reopen-analysi/the-u-s-weighs-the-grim-math-of-death-vs-the-economy-idUSKBN21H1B4

2: https://www.financialexpress.com/opinion/the-coronavirus-lockdown-and-indias-urban-vulnerables/1915316/

For more details visit https://cis-india.org/internet-governance/blog/after-the-lockdown

India’s ‘Self-Goal’ in Telecom

Shyam Ponappa — 2020-04-09T07:18:26Z

This post was first published in the Business Standard, on March 5, 2020.

The government apparently cannot resolve the problems in telecommunications. Why? Because the authorities are trying to balance the Supreme Court order on Adjusted Gross Revenue (AGR), with keeping the telecom sector healthy, while safeguarding consumer interest. These irreconcilable differences have arisen because both the United Progressive Alliance and the National Democratic Alliance governments prosecuted unreasonable claims for 15 years, despite adverse rulings! This imagined “impossible trinity” is an entirely self-created conflation.
If only the authorities focused on what they can do for India’s real needs instead of tilting at windmills, we’d fare better. Now, we are close to a collapse in communications that would impede many sectors, compound the problem of non-performing assets (NPAs), demoralise bankers, increase unemployment, and reduce investment, adding to our economic and social problems.
Is resolving the telecom crisis central to the public interest? Yes, because people need good infrastructure to use time, money, material, and mindshare effectively and efficiently, with minimal degradation of their environment, whether for productive purposes or for leisure. Systems that deliver water, sanitation, energy, transport and communications support all these activities. Nothing matches the transformation brought about by communications in India from 2004 to 2011 in our complex socio-economic terrain and demography. Its potential is still vast, limited only by our imagination and capacity for convergent action. Yet, the government’s dysfunctional approach to communications is in stark contrast to the constructive approach to make rail operations viable for private operators.
India’s interests are best served if people get the services they need for productivity and wellbeing with ease, at reasonable prices. This is why it is important for government and people to understand and work towards establishing good infrastructure.

What the Government Can Do

An absolute prerequisite is for all branches of government (legislative, executive, and judicial), the press and media, and society, to recognise that all of us must strive together to conceptualise and achieve good infrastructure. It is not “somebody else’s job”, and certainly not just the Department of Telecommunications’ (DoT’s). The latter cannot do it alone, or even take the lead, because the steps required far exceed its ambit.

Act Quickly

These actions are needed immediately:

First, annul the AGR demand using whatever legal means are available. For instance, the operators could file an appeal, and the government could settle out of court, renouncing the suit, accepting the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) ruling of 2015 on AGR.

Second, issue an appropriate ordinance that rescinds all extended claims. Follow up with the requisite legislation, working across political lines for consensus in the national interest.

Third, take action to organise and deliver communications services effectively and efficiently to as many people as possible. The following steps will help build and maintain more extensive networks with good services, reasonable prices, and more government revenues.

Enable Spectrum Usage on Feasible Terms

Wireless regulations

It is infeasible for fibre or cable to reach most people in India, compared with wireless alternatives. Realistically, the extension of connectivity beyond the nearest fibre termination point is through wireless middle-mile connections, and Wi-Fi for most last-mile links. The technology is available, and administrative decisions together with appropriate legislation can enable the use of spectrum immediately in 60GHz, 70-80GHz, and below 700MHz bands to be used by authorised operators for wireless connectivity. The first two bands are useful for high-capacity short and medium distance hops, while the third is for up to 10 km hops. The DoT can follow its own precedent set in October 2018 for 5GHz for Wi-Fi, i.e., use the US Federal Communications Commission regulations as a model.1 The one change needed is an adaptation to our circumstances that restricts their use to authorised operators for the middle-mile instead of open access, because of the spectrum payments made by operators. Policies in the public interest allowing spectrum use without auctions do not contravene Supreme Court orders.

Policies: Revenue sharing for spectrum

A second requirement is for all licensed spectrum to be paid for as a share of revenues based on usage as for licence fees, in lieu of auction payments. Legislation to this effect can ensure that spectrum for communications is either paid through revenue sharing for actual use, or is open access for all Wi-Fi bands. The restricted middle-mile use mentioned above can be charged at minimal administrative costs for management through geo-location databases to avoid interference. In the past, revenue-sharing has earned much more than up-front fees in India, and rejuvenated communications.2 There are two additional reasons for revenue sharing. One is the need to manufacture a significant proportion of equipment with Indian IPR or value-added, to not have to rely as much as we do on imports. This is critical for achieving a better balance-of-payments, and for strategic considerations. The second is to enable local talent to design and develop solutions for devices for local as well as global markets, which is denied because it is virtually impossible for them to access spectrum, no matter what the stated policies might claim.

Policies and Organisation for Infrastructure Sharing

Further, the government needs to actively facilitate shared infrastructure with policies and legislation. One way is through consortiums for network development and management, charging for usage by authorised operators. At least two consortiums that provide access for a fee, with government’s minority participation in both for security and the public interest, can ensure competition for quality and pricing. Authorised service providers could pay according to usage.
Press reports of a consortium approach to 5G where operators pay as before and the government “contributes” spectrum reflect seriously flawed thinking.3 Such extractive payments with no funds left for network development and service provision only support an illusion that genuine efforts are being made to the ill-informed, who simultaneously rejoice in the idea of free services while acclaiming high government charges (the two are obviously not compatible).
Instead of tilting at windmills that do not serve people’s needs while beggaring their prospects, commitment to our collective interests requires implementing what can be done with competence and integrity.

Shyam (no space) Ponappa at gmail dot com
1. https://dot.gov.in/sites/default/files/2018_10_29%20DCC.pdf
2. http://organizing-india.blogspot.in/2016/04/ breakthroughs- needed-for-digital-india.html
3. https://www.business-standard.com/article/economy-policy/govt-considering-spv-with-5g-sweetener-as-solution-to-telecom-crisis-120012300302_1.html

For more details visit https://cis-india.org/internet-governance/indias-self-goal-in-telecom

‘Future of Work’ in India’s IT/IT-es Sector

Aayush Rathi and Elonnai Hickok — 2020-04-28T09:52:59Z

The Centre for Internet and Society has recently undertaken research into the impact of Industry 4.0 on work in India. Industry 4.0, for the purposes of the research, is conceptualised as the technical integration of cyber physical systems (CPS) into production and logistics and the use of the ‘internet of things’ (connection between everyday objects) and services in (industrial) processes. By undertaking this research, CIS seeks to complement and contribute to the discourse and debates in India around the impact of Industry 4.0. In furtherance of the same, this report seeks to explore several key themes underpinning the impact of Industry 4.0 specifically in the IT/IT-es sector and broadly on the nature of work itself.

Read the complete case-study here: Download (PDF)

Introduction

Scholarship on 'Industry 4.0' that has emerged globally has sought to address the challenges of technological forecasting as it relates to work in varied forms. For instance, the Frey-Osborne methods examine characteristic tasks of each occupation and suggest that almost half of all jobs in the United States and other advanced countries are at risk of being substituted by computers or algorithms within the next 10 to 20 years. [1] On the other hand, scholars such as Autor and Handel as well as research produced by OECD on this subject argue that occupations as a whole are unlikely to be automated as there is great variability in the tasks within each occupation. [2] Existing literature on the impact on jobs in the IT sector in India too have arrived at mixed conclusions. Reports have raised concerns about job loss in the sector as a result of automation [3] whilst it has also been reported that employment from the IT sector reached 3.86 million in 2016-17 and an addition of around 105,000 was witnessed in FY18 itself. [4]

In this context, it is crucial to start by developing an understanding of which technologies are at the forefront of bringing in Industry 4.0. Such an understanding will further help understand which jobs, and more specifically, job functions are at the greatest risk of being replaced by automation technologies. To further contextualise the impact, it is imperative to develop a comprehensive understanding of how job functions are organised within the sector itself. This becomes especially relevant with the emphasis Industry 4.0 places on the horizontal and vertical integration of the various technologies constituting Industry 4.0. [5]

It is anticipated that to stay ahead of the curve of ‘technological unemployment’ there will be significant skilling and re-skilling challenges to enable new talent addition around emerging job roles. [6] The skilling challenge gains enhanced importance in the broader context of nurturing an inclusive digital economy. [7] This is particularly relevant in the context of female labour force participation, since it has been predicted that job creation will be concentrated in sectors where females are underrepresented and difficult to retain, while sectors with higher female participation, such as secretarial work, will undergo job loss. [8]

However, it is not clear how these trends will play out in the future, particularly because other structural changes are taking place simultaneously (such as globalisation and protectionism, demographic change, policy making, technological adoption etc.).

Objective and Scope

This research seeks to contribute to existing studies and dialogue on the impact and effect of industry 4.0 on work in the Information Technology services (IT) sector in India. Though the research focuses on the impact of technologies that comprise Industry 4.0, such technologies are frequently interchanged with the words ‘automation’ and ‘digitisation’. Thus, the desk research also examines the impact of ‘automation’ and ‘digitisation’ on the IT sector in India. The case study looks atthe IT sector broadly and where applicable, calls out information specific to sub-sectors such as IT enabled services (IT-eS) or Business Process Management (IT-BPM). The IT sector in India is uniquely placed; it is producing the technologies that are disrupting work in other industries as well as implementing them internally. This report focuses on the latter, but brings into context the former when relevant to work in the sector.

By drawing out trends and providing an analysis of contextual, quantitative and qualitative data on changes to work and labour markets in India as a result of technological uptake, it is anticipated that comparative research can be enabled by creating a framework that can be replicated in other, particularly developing, contexts.

References

[1] Carl Benedikt Frey and Michael A. Osborne, 2013. The future of employment: How susceptible are jobs to computerisation?, Oxford Martin School, September.

[2] See David H. Autor & Michael J. Handel, 2013. “Putting Tasks to the Test: Human Capital, Job Tasks, and Wages,” Journal of Labor Economics, University of Chicago Press, Vol. 31(S1), pages S59 -S96. See also: Future of Work and Skills, The Organisation for Economic Co-operation and Development, February 2017.

[3] Business Today, AI, automation will cost 7 lakh IT jobs by 2022, says report. (November 7, 2017) Retrieved https://www.businesstoday.in/sectors/it/ai-and-automation-to-cost-7-lakh-it-jobs-by-2022-says-report/story/259880.html

[4] Advantage India, India Brand Equity Foundation. Retrieved https://www.ibef.org/download/IT-ITeS-Report-Apr-2018.pdf

[5] Embracing Industry 4.0 -and Rediscovering Growth, Boston Consulting Group. Retrieved https://www.bcg.com/capabilities/operations/embracing-industry-4.0-rediscovering-growth.aspx

[6] India’s Readiness for Industry 4.0 -A Focus on Automotive Sector, Grant Thorton and Confederation of Indian Industry. Retrieved http://www.nasscom.in/sites/default/files/NASSCOM_Annual_Guidance_Final_22062017.pdf

[7] G20 Insights, Bridging the digital divide: Skills for the new age., Retrieved http://www.g20-insights.org/policy_briefs/bridging-digital-divide-skills-new-age/

[8] World Economic Forum, The Future of Jobs -Employment, Skills and Workforce Strategy for the Fourth Industrial Revolution, (January 2016).

For more details visit https://cis-india.org/internet-governance/blog/future-of-work-in-india-it-it-es-sector

RBI Ban on Cryptocurrencies not backed by any data or statistics

vipul — 2020-03-05T18:35:48Z

In March 2020, the Supreme Court of India quashed the RBI order passed in 2018 that banned financial services firms from trading in virtual currency or cryptocurrency. Keeping this policy window in mind, the Centre for Internet & Society will be releasing a series of blog posts and policy briefs on cryptocurrency regulation in India

On April 6, 2018 the RBI issued a circular preventing all Commercial and Co-operative Banks, Payments Banks, Small Finance Banks, NBFCs, and Payment System Providers not only from dealing in virtual currencies themselves but also directing them to stop providing services to all entities which deal with virtual currencies. The RBI had issued a Press Release cautioning the public against dealing in virtual currencies including Bitcoin in 2013. However, the growing popularity of cryptocurrencies and its adoption by large numbers of Indian users, may have been the reason which forced the RBI to issue another Press Release in February 2017 reiterating its earlier concerns regarding cryptocurrencies raised in its earlier circular of 2013. In December 2017 both the RBI as well as the Ministry of Finance issued Press Releases cautioning the general public about the dangers and risks associated with cryptocurrencies, finally culminating in the circular dated April 6, 2018 banning financial institutions from dealing with cryptocurrency traders. As a result of this circular the operations of cryptocurrency exchanges took a severe hit and the number of transactions on these exchanges reduced substantially. The cryptocurrency market in India all but disappeared with only a few extremely determined enthusiasts still dealing in cryptocurrencies, at the risk of potentially depriving themselves of banking services altogether.

The RBI circular was challenged in the Supreme Court by the Internet and Mobile Association of India; final arguments in the case were concluded only in the last week of January, 2020 with the judgment of the Supreme Court being awaited. Generally speaking, whenever such policy decisions of the executive branch are challenged in the courts, a well accepted defense for the executive authorities, specifically in highly complicated fields such as finance, etc. is that the decision was taken by an expert body using its expertise in the field. The basic rationale underlying this argument is that the authority has relied on verifiable data and used its expertise to analyse the same in order to arrive at its decision.

However, it appears from the response by the RBI to an RTI query by Centre for Internet and Society, that requested the RBI for a copy of all reports, papers, opinions and advice that was relied upon for issuing the April 6, 2018 circular, that the RBI has not relied upon any such data to come to a conclusion that banking services should be denied to all those entities dealing in cryptocurrencies. It appears from the response to the RTI query that it was the RBI’s own previous circulars and press releases which formed the basis for the April 6, 2018 circular. This response completely undermines the argument that the decision by the RBI was taken after an analysis of all the facts and statistics concerned with cryptocurrency trading.

Not only does the RTI response weaken the commonly accepted defense of an expert body making a well-reasoned decision, but it also strengthens another legal ground for challenging the decision of the RBI, viz. arbitrariness. One of the grounds on which executive decisions can be challenged is that the decision was made without taking into account relevant material and without the application of mind. The admission by the RBI in its RTI response that there is no material relied upon by the RBI, except its own previous Press Releases, only strengthens the argument that the decision was made in an arbitrary manner.

Such an admission by the RBI regarding the process followed before issuing the April 6, 2018 circular reduces the credibility of the decision itself. However it remains to be seen whether the Supreme Court of India agrees with the arguments of the petitioners challenging the April 6, 2018 circular, even though the petitioners may not have been able to produce this RTI response from the RBI to further bolster their case.

For more details visit https://cis-india.org/internet-governance/blog/rbi-ban-on-cryptocurrencies-not-backed-by-any-data-or-statistics

Cryptocurrency Regulation in India – A brief history

vipul — 2020-03-05T18:36:09Z

The story of cryptocurrencies started in 2008 when a paper titled “Bitcoin: A Peer to Peer Electronic Cash System” was published by a single or group of pseudonymous developer(s) by the name of Satoshi Nakamoto. The actual network took some time to start with the first transactions taking place only in January 2009. The first actual sale of an item using Bitcoin took place a year later with a user swapping 10,000 Bitcoin for two pizzas in 2010, which attached a cash value to the cryptocurrency for the first time. By 2011 other cryptocurrencies began to emerge, with Litecoin, Namecoin and Swiftcoin all making their debut. Meanwhile, Bitcoin the cryptocurrency that started it all started getting criticised after claims emerged that it was being used on the so-called “dark web”, particularly on sites such as Silk Road as a means of payment for illegal transactions. Over the next five years cryptocurrencies steadily gained traction with increased number of transactions and the price of Bitcoin, the most popular cryptocurrency shot up from around 5 Dollars in the beginning of 2012 to almost 1000 Dollars at the end of 2017.

Riding on the back of this wave of popularity, a number of cryptocurrency exchanges started operating in India between 2012 and 2017 providing much needed depth and volume to the Indian cryptocurrency market. These included popular exchanges such as Zebpay, Coinsecure, Unocoin, Koinex, Pocket Bits and Bitxoxo. With the price of cryptocurrencies shooting up and because of its increased popularity and adoption by users outside of its traditional cult following, regulators worldwide began to take notice of this new technology; in India the RBI issued a Press Release cautioning the public against dealing in virtual currencies including Bitcoin way back in 2013. However, the transaction volumes and adoption of cryptocurrencies in India really picked up in earnest only after the demonetisation of high value currency notes in November of 2016, with the government’s emphasis on digital payments leading to alternatives to traditional online banking such as cryptocurrencies forcing their way into the public consciousness. Indian cryptocurrency exchanges started acquiring users at a much higher pace which drove up volume for cryptocurrency transactions on all Indian exchanges. The growing popularity of cryptocurrencies and its adoption by large numbers of Indian users forced the RBI to issue another Press Release in February 2017 reiterating its concerns regarding cryptocurrencies raised in its earlier Press Release of 2013.

In October and November, 2017 two Public Interest Petitions were filed in the Supreme Court of India, one by Siddharth Dalmia and another by Dwaipayan Bhowmick, the former asking the Supreme Court to restrict the sale and purchase of cryptocurrencies in India, and the latter asking for cryptocurrencies in India to be regulated. Both the petitions are currently pending in the Supreme Court.

In November, 2017 the Government of India constituted a high level Inter-ministerial Committee under the chairmanship of Shri Subhash Chandra Garg, Secretary, Department of Economic Affairs, Ministry of Finance and comprising of Shri Ajay Prakash Sawhney (Secretary, Ministry of Electronics and Information Technology), Shri Ajay Tyagi (Chairman, Securities and Exchange Board of India) and Shri B.P. Kanungo (Deputy Governor, Reserve Bank of India). The mandate of the Committee was to study various issues pertaining to Virtual Currencies and to propose specific actions that may be taken in relation thereto. This Committee submitted its report in July of 2019 recommending a ban on private cryptocurrencies in India.

In December 2017 both the RBI as well as the Ministry of Finance issued Press releases cautioning the general public about the dangers and risks associated with cryptocurrencies, with the Ministry of Finance Press Release saying that cryptocurrencies are like ponzi schemes and also declaring that they are not currencies or coins. It should be mentioned here that till the end of March 2018, the RBI and the Finance Ministry had issued various Press Releases on cryptocurrencies cautioning people against their risks, however none of them ever took any legal action or gave any enforceable directions against cryptocurrencies. All of this changed with the RBI circular dated April 6, 2018 whereby the RBI prevented Commercial and Co-operative Banks, Payments Banks, Small Finance Banks, NBFCs, and Payment System Providers not only from dealing in virtual currencies themselves but also directing them to stop providing services to all entities which deal with virtual currencies.

The effect of the circular was that cryptocurrency exchanges, which relied on normal banking channels for sending and receiving money to and from their users, could not access any banking services within India. This essentially crippled their business operations since converting cash to cryptocurrencies and vice versa was an essential part of their operations. Even pure cryptocurrency exchanges which did not deal in fiat currency, were unable to carry out their regular operations such as paying for office space, staff salaries, server space, vendor payments, etc. without access to banking services.

As a the operations of cryptocurrency exchanges took a severe hit and the number of transactions on these exchanges reduced substantially. People who had bought cryptocurrencies on these exchanges as an investment were forced to sell their crypto assets and cash out before they lost access to banking facilities. The cryptocurrency exchanges themselves found it hard to sustain operations in the face of the dual hit of reduced transaction volumes and loss of access banking services. Faced with such an existential threat, a number of exchanges who were members of the Internet and Mobile Association of India (IMAI), filed a writ petition in the Supreme Court on May 15, 2018 titled Internet and Mobile Association of India v. Reserve Bank of India, the final arguments in which were heard by the Supreme Court of India in January, 2020 and the judgment is awaited. If the Supreme Court agrees with the arguments of the petitioners, then cryptocurrency exchanges would be able to restart operations in India; as a result the cryptocurrency ecosystem in India may be revived and cryptocurrencies may become a viable investment alternative again.

For more details visit https://cis-india.org/internet-governance/blog/cryptocurrency-regulation-in-india-2013-a-brief-history

A Compilation of Research on the PDP Bill

pranav — 2020-03-05T08:04:24Z

The most recent step in India’s initiative to create an effective and comprehensive Data Protection regime was the call for comments to the Personal Data Protection Bill, 2019, which closed last month. Leading up to the comments, CIS has published numerous research pieces with the goal of providing a comprehensive overview of how this legislation would place India within the global scheme, and how the local situation has developed, as well as analysing its impacts on citizens’ rights.

In addition to general and clause-by-clause comments and recommendations, we have compiled an annotated version of the Personal Data Protection Bill, which lays out our commentary in an easy-to-follow format.

Below, you can find our other recent research on Data Protection:

Pallavi Bedi has put together a note on the Divergence between EU’s General Data Protection Regulation (GDPR) and the Personal Data Protection Bill.

In addition, Pallavi has also contrasted the Personal Data Protection Bill with the GDPR and California Consumer Protection Act, in the contexts of jurisdiction and scope, rights of the data principal, obligations of data fiduciaries, exemptions, data protection authority, and breach of personal data.

On IAPP’s blog Privacy Perspectives, D. Shweta Reddy has assessed whether the Personal Data Protection Bill 2019 is sufficient for India to receive adequacy status from the EU.

Along with Justin Sherman, Arindrajit Basu has outlined the key global takeaways from the Personal Data Protection Bill 2019 on Lawfare.

On The Diplomat, Arindrajit has also traced the narrowing localization provisions in India, as well as Vietnam and Indonesia, and studied the actors and geopolitical tussle that has shaped these provisions.

Through a string of publicly available submissions, press statements, and other media reports, Arindrajit and Amber Sinha have tracked the political evolution of the data protection ecosystem in India, and how this has, and will continue to impact legislative and policy developments on EPW Engage.

Gurshabad Grover and Tanaya Rajwade have written on The Wire about how the Personal Data Protection Bill regulates social media.

Amber was also a guest on Suno India’s Cyber Democracy podcast, with Srinivas Kodali, to discuss how the latest version of the Personal Data Protection Bill will impact the right to privacy.

For more details visit https://cis-india.org/internet-governance/blog/compilation-of-research-on-data-protection

Governing ID: Kenya’s Huduma Namba Programme

amber — 2020-03-02T13:19:15Z

In our fourth case-study, we use our Evaluation Framework for Digital ID to examine the use of Digital ID in Kenya.

Read the case-study or download as PDF.

For more details visit https://cis-india.org/internet-governance/blog/governing-id-kenya2019s-huduma-namba-programme

Governing ID: Use of Digital ID in the Healthcare Sector

Shruti Trikanad — 2020-03-02T13:21:22Z

In our third case-study, we use our Evaluation Framework for Digital ID to examine the use of Digital ID in the healthcare sector.

Read the case-study or download as PDF.

For more details visit https://cis-india.org/internet-governance/blog/governing-id-use-of-digital-id-in-the-healthcare-sector