In the backdrop of continued scrutiny of activities of internet platforms, the Government proposed amendments to the e-commerce rules. Meanwhile, the restrictions on online publishers of news and curated content introduced earlier this year, faced judicial challenges across the country. Online gaming also suffered a setback as Karnataka joined Tamil Nadu, Andhra Pradesh and Telangana, in imposing restrictions on the industry. However, a judgment of the Madras High Court proved to be a silver lining - a total ban on online gaming was not upheld. In the fintech sector, digital payments witnessed a slew of directions from the Reserve Bank of India for enhancing security that are likely to drive up compliance burden for the concerned players. However, telecom sector received some leniency from the government in the form of reforms that could substantially ease their financial burden. Drone regulations also received a face lift. However, the long-awaited data protection law is likely to be further delayed.
Regulations for Online Platforms
The Government has recently been tightening regulations governing internet platforms. On 25 February 2021, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IDMC Rules) were notified imposing stringent compliances on social media platforms, digital news media, news aggregators and online curated content providers.
The IDMC Rules have been criticised for being unconstitutional, arbitrary and exceeding the scope of the parent legislation, the Information Technology Act, 2000 (IT Act). On 14 August 2021, the Bombay High Court passed an interim order (applicable throughout India), staying the operation of those portions of the IDMC Rules which required publishers to comply with certain norms of journalistic conduct, programming code and a code of ethics, to be enforced through a three-tier grievance redressal mechanism (with the final tier formed by the government). The High Court found these provisions to be prima facie violative of the constitutional guarantee of freedom of speech and expression.
The IDMC Rules are also facing separate challenges before the Calcutta, Delhi, Karnataka and Madras High Courts. If successful, these challenges will serve to rein in the excessively restrictive provisions of the IDMC Rules and give internet companies some much needed breathing space.
Another development that could also have wide ranging consequences for online platforms are the amendments proposed by the Department of Consumer Affairs to the Consumer Protection (E-Commerce) Rules, 2020 (Draft Rules). The Draft Rules propose mandatory registration of online platforms with the government and the appointment of employees (who are resident Indian citizens) to take care of compliances, grievances and coordination with law enforcement agencies. Such requirements could impede the operations of global platforms servicing Indian customers and drive-up compliance costs. The Draft Rules also provide for a blanket prohibition on listing goods and services of related parties, restrictions on cross-selling, use of consumer information, conducting flash sales, fall-back liability, etc., which could impose various operational hurdles. Reportedly, the Draft Rules have received considerable pushback from the industry, as well as from within the Government itself, encouraging the Government to revisit them.
The Covid-19 pandemic saw an increase in revenues and a growth in the customer base of online, real-money gaming companies in India. The sector grew around 43% in 2020, making India the fastest expanding market in the world for online gaming.
In India, States have the authority to regulate gambling. Traditionally, real money gaming has been regulated in the same way as gambling. Though Indian courts have time and again held that States cannot regulate 'mere games of skill', this has not stopped some States from labelling games such as Rummy and Poker (which are predominantly skill-based) as gambling when played for stakes. This has resulted in uneven regulation.
Recent attempts at such regulation include the Tamil Nadu Gaming and Police Laws (Amendment) Act, 2021 banning all online games played for stakes, and a notification by the Kerala government bringing online rummy played for stakes within the ambit of gaming. Both these actions were challenged before the respective High Courts and struck down. Now, Karnataka has also amended the Karnataka Police Act, 1963 to ban online real-money games. This is likely to be challenged by the gaming industry but the ensuing uncertainty is likely to adversely affect an otherwise booming sector.
In the last quarter the Reserve Bank of India (RBI) took several key steps to strengthen the security of digital payments in the country.
In the wake of a number of data breaches from payment intermediaries, the RBI, in August 2021, introduced a regulatory framework governing the outsourcing activities of payment system operators (PSOs). The framework restricts PSOs from outsourcing key functions like customer data management and imposes heightened compliances such as vendor due diligence for outsourcing.
The RBI also issued a new Master Direction on Prepaid Payment Instruments (PPIs). The directions simplify the classification of PPIs, further the agenda of interoperable PPIs and also make 'additional factor of authentication' (AFA) such as OTP mandatory for wallet transactions. On a related note, as per RBI's instructions, from 1 October 2021 auto-debit transactions based on customers' standing instructions cannot go through unless they have registered for e-mandate facility with the issuer of the payment instrument. Each transaction will now need to be authenticated by the customer through AFA.
The RBI had previously restricted payment aggregators and merchants from storing actual card data. It has now extended this mandate to all entities other than card issuers and card networks in the payment chain, requiring them to purge any actual card data available with them by 1 January 2022. To ensure that customers do not have to type in their card credentials for every transaction as a result of this measure, the RBI has, from September 2021, permitted card issuers and networks to provide 'card-on-file tokenisation services'. This will permit online merchants to store a unique ‘token’ or code instead of the card details and use it for subsequent transactions. Tokenisation will also reduce security risk arising from breach of merchant's stored card data.
It is expected that all these steps taken by the RBI will give a fillip to digital payments.
The Cabinet has, in September 2021, approved several key structural and procedural reforms for the telecom sector. These include: (i) amending the definition of 'adjusted gross revenue' (on the basis of which telecom operators pay license fees to the government), to exclude non-telecom revenue, (ii) providing a four years moratorium for payment of past dues (iii) permitting 100% foreign direct investment (FDI) without government approval in telecom companies, (iv) doing away with payment of spectrum usage charges to the government for spectrum allotted in the future, (v) substantially reducing the bank guarantee obligation of telecom operators, and (vi) increasing the tenure of spectrum obtained in auctions to 30 years. These reforms will provide a significant boost to the beleaguered industry once implemented. The Government in October 2021 has issued a press note to implement the FDI relaxations and amended the relevant FEMA notification.
The license conditions for providing the telecom service of 'Very Small Aperture Terminals (VSAT) Closed User Group (CUG)' were also recently amended to allow mobile operators to connect their towers in remote or inaccessible areas to their larger network through satellite connectivity offered by VSAT CUG operators.
In August 2021, the Ministry of Civil Aviation notified the Drone Rules, 2021 to replace the compliance heavy Unmanned Aircraft System Rules, 2021. The new rules are more progressive and provide major relaxations on the number of approvals and form filings required to operate drones in India. Restrictions on foreign ownership have also been relaxed.
Government access over data
The Government is reportedly set to formalise and implement 'NATGRID', a surveillance platform allowing authorised law enforcement agencies to receive real time data from 21 sources including airlines, banks, railways, securities regulator, telecom operators, etc., to counter terrorism. In the light of the 'Schrems II' decision of the Court of Justice of the European Union which requires organisations transferring personal data outside of the European Union (EU) to verify whether the laws and practices of the recipient country may impinge on the safeguards that must be provided under EU laws, it is possible that the powers that NATGRID can wield with regard to access to data may raise red flags in data transfer assessments. This could detrimentally affect the Indian outsourcing industry.
Privacy and data protection
India has been awaiting a data protection legislation for many years. The Personal Data Protection Bill (PDP Bill), introduced in the Parliament in 2019, was sent for deliberations to a Joint Parliamentary Committee (JPC) which is set to submit its report to the Parliament in December. Reportedly, the JPC will be proposing over 100 changes to the PDP Bill.
In the absence of a law, Indian courts are in the interim grappling with privacy related issues. Recently, the Madras High Court dismissed a claim based on the 'right to be forgotten', on the ground that the right does not have any statutory backing. Several other high courts, on the other hand, have granted interim relief or admitted claims based on this right. These conflicting judicial positions have led to ambiguity in the legal position. A legislative framework to give effect to the judicially recognised fundamental right to privacy is therefore imperative.
While the pandemic recedes, the technological evolution brought about by the restrictions and the consequent growth of the TMT space will leave a lasting impact. It will be interesting to see which industries continue to maintain the growth trajectory without the unprecedented catalysts created by the pandemic.
On the regulatory front, the government is reportedly in discussions to streamline the IT Act. The telecom licensing regime may undergo an overhaul in favour of a more ‘light touch’ regulation. Satellite communications is likely to open up for private participation. Following the success of Unified Payments Interface, the government is pushing for other open architecture initiatives like the Open Network for Digital Commerce and this is another area that promises change.