Technology, Media and Telecommunications

The past quarter witnessed several regulatory and legislative developments in the data privacy, fintech and cryptocurrency space. Given that many of these developments are in the public consultation phase, it will be interesting to see how these draft policies evolve over time.

Nikhil NarendranPartner

Swati MuthukumarSenior Associate

Anjana RaviAssociate

The preceding quarter saw several significant developments in the tech space specifically towards regulation of data and fintech in the country. The Joint Parliamentary Committee (JPC) on data protection presented its report on the Data Protection Bill after a lengthy deliberation of over two years. Further, the National Health Authority proposed a health data retention policy. When finalised, these developments will have a significant impact on businesses using data. The preceding quarter also saw a significant step towards active regulation of digital transactions using cryptocurrency, through the Cryptocurrency and Regulation of Official Currency Bill, 2021 amongst other developments in the fintech sector.

Key Developments

  • Joint Parliamentary Committee report on the data protection framework

    On 16 December 2021, the JPC published its report on the data protection framework, along with the revised Data Protection Bill, 2021 (DP Bill). The DP Bill departs from the earlier Personal Data Protection Bill, 2019, by proposing to regulate non-personal data (NPD) within its ambit and retains the provision allowing the Government to seek NPD from businesses for the purpose of delivery of services and policy-making. Further, the DP Bill allows for social media platforms that have a specified number of users, and whose actions are likely to have a significant impact on electoral democracy, security of state, public order or the sovereignty of India to be notified as 'significant data fiduciaries'.

    While the DP Bill lists various other compliances and obligations applicable to data fiduciaries and processors, a number of these have been left to be specified by the Data Protection Authority (DPA), to be constituted under the DP Bill. As a result, the full impact of this legislation may only be clear once the DPA has been established and issues these regulations.

    The JPC’s report has advised the government to set a timeline for compliance with the DP Bill once it has been notified, so data fiduciaries and data processors will likely await clarity in this regard once the DP Bill is enacted into law.

    Please click here to read our detailed update.

  • Consultation Paper on the Draft Health Data Retention Policy

    The National Health Authority released a Consultation Paper on its draft Health Data Retention Policy on 23 November 2021. The draft policy aims to minimise risks associated with retention of personal health data and to maximise benefits from usage of this data by ensuring that data retention guidelines are in sync with all applicable legal and regulatory compliances. In this regard, it suggests classification of data into different categories and proposes retention periods based on such classification.

  • Developments in the fintech sector

    • Restriction on storage of card data and card tokenisation

      The Reserve Bank of India (RBI) notified the ‘Tokenisation – Card Transactions: Card on File Tokenisation’ on 7 September 2021 (CoFT Notification). The CoFT Notification restricts the storage of card data by merchants in a card transaction/payment chain where an RBI-regulated intermediary is involved. It further allows for the storage of Card on File tokens as an alternative to help preserve customer convenience. The restriction on the storage of card data by authorized non-bank payment aggregators and merchants will come into effect from 30 June 2022.

    • E-mandate on recurring transactions

      The RBI’s directions on e-mandates for all recurring transactions on debit and credit cards came into force on 1 October 2021, whereby registration, modification and revocation of all recurring transactions require consent from the customer. This saw many banks implementing e-mandates on a large scale and other payment service providers coming up with solutions for implementing the framework.

    • Report of the RBI Working Group on digital lending

      On 18 November 2021, the Working Group on Digital Lending (WG) constituted by the RBI published its report on the digital lending ecosystem, including lending through online platforms and mobile apps (Report).

      The Report distinguishes digital lending from conventional lending on the basis of its use of digital technologies for lending processes such as credit assessment, loan approval, loan disbursement, loan repayment and customer service.

      Comments on the Report were sought from stakeholders and members of the public. The WG may make further recommendations based on consultations and comments received from the relevant stakeholders. Further, the Report may serve as a guiding document for the RBI to issue directions on digital lending in the future.

      Please click here to read our detailed update.

  • Discussions on cryptocurrency

    The Cryptocurrency and Regulation of Official Currency Bill, 2021 (Cryptocurrency Bill) is set to be introduced before the Parliament. It seeks to create a facilitative framework for the implementation of official digital currency and impose a ban on all private cryptocurrencies. However, the Cryptocurrency Bill also proposes to promote the application of the underlying blockchain technology for various purposes. As per media reports, a Cabinet note on the Cryptocurrency Bill recommends allowing and regulating cryptocurrency in India, contrary to a complete ban. Given that the Cryptocurrency Bill was not introduced in the concluded winter session, it may be tabled in the budget session.

The tech policy and regulatory space will continue to see several developments in the next quarter. With RBI releasing a framework for facilitating small value digital payments in offline mode on 3 January 2022, we expect an uptake in digital transactions in areas with poor or weak internet or telecom connectivity. Further, the RBI has extended access to credit information bureaus for fintech companies by enabling them to register as users, which will benefit fintech companies that do not have a banking license but have tie ups with banks. The Government is also foraying into new areas of regulation by proposing to come up with a policy on education tech, which is likely to see more developments in the next quarter.

More in this issue