Policy Reviews

Policy Reviews

Examining policies around privacy, data governance and usage for being explainable and specific with outcomes

Policies around data privacy and data governance often have a gap between declared intent and implementation. Sometimes this is because the teams drafting these texts are not included in the product/service development cycle. The unintended consequences and end consumer experience are often developed from the effects of this gap.

This project aims to examine the texts of policies to identify data governance practices. And as an outcome it will be producing commentary, opinion and feedback to improve the texts themselves as well how it is easier for the reader to comprehend.

Hosted by

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more

srinivas kodali

@iotakodali Author

Sankarshan Mukhopadhyay

Sankarshan Mukhopadhyay

@sankarshan Reviewer

Submission of Comments on draft Indian Telecommunication Bill, 2022

Submitted Nov 10, 2022

(This review of the draft Indian Telecommunication Bill, 2022 was edited and submitted to Mr. Naveen Kumar, Director at Department of Telecommunication (DoT) as part of the consultation. The deadline for submitting comments was 10 November 2022.)

Context - why Hasgeek is making the submission

At Hasgeek, we promote technology skilling and debates among various technology communities in India through various events and discussions. We appreciate the Department of Telecommunication (DoT) efforts to overhaul and modernize the regulatory framework for the digital era.

As part of our communities, we debate on technology practices and best practices for implementing emerging technologies. These practices are often emulated by peers across the industry. We think the present draft Telecommunication Bill is regulation heavy, and does not tackle practical issues of implementation of the regulatory requirements. At the outset, we request you to take back this Bill to the board and have wider consultations on regulating OTTs (Over-the-top media) in particular. The Telecommunication Service Provider (TSPs) arguments of comparing the network layer and the application layer as similar, and thus requiring the same regulations, will cause severe regulatory problems for product and IT companies in India. It is wiser to kindly have larger consultations with Indian IT firms and associations before you introduce this Bill in the Parliament.

Comments on the draft Indian Telecommunication Bill, 2022

At the outset, if the Bill has to be introduced in strengthening regulatory frameworks for various telecom operations, we recommend you reconsider some of the sections that specifically cover the OTT players. The Ministry of Information Technology is understood to be working on a larger Digital India Act (DIA), where there is a provision about regulating various OTT products and other digital media solutions. The draft Indian Telecommunication Bill, 2022 in its present form has dangerous consequences for investor sentiment and ease of doing business in India. The Bill risks India towards a license regime, which will stifle innovation and make it harder to conduct business.

While stating our primary concerns with the present Bill, we are sharing our detailed submissions for the present Bill.

  1. The definitions of “message” as defined in the draft Bill are very broad, and includes any sign, signal, writing, image, sound, video, data stream or intelligence or information intended for telecommunication. This allows the Government to demand any and every bit of information, whether generated by a human or machine to be shared when read with clause 24(2). This has serious implications for individuals’ fundamental Right to Privacy and also the business interests of private companies which can be demanded to share machine-generated data like logs, sensor data and every form of private information.

  2. The definition of “telecommunications services” as defined in the draft Bill is broad, including every mode of information transfer. The draft Bill fundamentally attempts to regulate every aspect of information networks along with telecommunication networks. This definition is excessive and attempts to conflate telecommunications with information services which are already regulated as part of the Information Technology (IT) Act 2008. It is recommended that this regulatory separation be maintained for effective governance and engineering practices that are followed among these two industries.

  3. The definition of “customer equipment” and “wireless equipment” is being further treated as part of “telecommunications equipment” in the Bill. Clause 3(2) may be modified to ensure customer equipment does not require special authorization. While there are existing exemptions for low-energy wireless equipment in certain frequency bands, the Bill needs to recognize the exemptions for customer wireless equipment. “Customer equipment” and “wireless equipment” may be subjected to standards and testing by the Government of India, but cannot be made part of a license regime where their possession needs authorization.

  4. The definition of “specified message” is ambiguous and does not clearly define the scope of the message. As the definition of a specified message is broad, individuals subscribing to any form of notification from any app/website with consent could receive a variety of messages pushed by the app/website. Similarly, this applies to any application with advertisements in-built into the application. It is impossible to change the global advertising practices over the internet to fit DND (Do Not Disturb) systems designed for telecommunications systems like SMS and phone calls. While the government can implement regulations over DND and spam, generic advertisements issued over apps and websites cannot be considered as specified messages.

  5. Regulating spam and fraudulent messages that may scam people is important. Even though email service providers block any emails that may look harmful coming from certain hosts, it is hard to block specified messages across different OTT services. While the government may prescribe ways to regulate spam, it is nearly impossible to scan and stop particular messages in end-to-end encrypted systems, where the service provider does not know what message a user is sending.

  6. Clause 3(1) of the draft Bill grants the Government of India exclusive privilege to provide telecommunication services to the people of India. This is highly objectionable as access to telecommunications services like the internet is recognized as a human right by the United Nations and a fundamental right according to Supreme Court of India in Anuradha Bhasin vs Union of India1 as guaranteed under articles 19(1)(a) and 19(1)(g). In the information age, the sole privilege to access information cannot be with the Government to decide who exercises this right. The draft Bill needs to recognize citizens’ right to communication services, and cannot make the Government of India the sole authority over fundamental rights of citizens.

  7. Clause 3(2) requiring OTT applications like WhatsApp, Signal, Facebook Messenger, etc to obtain a license under the Bill is excessive as the IT Act of 2008 already regulates the information technology services. OTTs can’t be compared with TSPs and other Internet service providers (ISPs). The logic being provided by the telecom companies that OTTs and TSPs perform same/similar functionalities is wrong as OTTs do not own any telecommunications equipment. Besides, they are merely providing a service over the application layer which cannot be confused with providing telecommunication services like TSPs and ISPs.

  8. Clause 5(2) allows the government to allocate spectrum using an administrative process without auctions. This process contravenes the requirement of a fair and transparent process to allocate spectrum. While there might be demand for spectrum for emerging technologies, the Government may reserve and allocate spectrum through regulatory sandboxes only for development and testing. Administrative allocation of spectrum cannot be allocated for full scale market roll out of any form of new or existing applications .

  9. Clause 4(7) of the draft Bill requires the identification of every consumer by OTT platforms. This will force people to identify at every stage of using apps in their daily life. This will also force OTTs to maintain identity databases of every consumer making them ripe targets of cybersecurity attacks. Companies cannot be forced to legally identify every user of OTT apps. Many OTT services like dating apps serve a business and social need of not being identified. Enforcing identification mechanisms cannot be a practice at every service; identification of every consumer will only lead to loss of privacy.

  10. Clause 23 of the Bill proposes standards that will be recommended by the Government of India. These standards must protect the constitutional rights of citizens and must be aligned with globally accepted standards bodies of Institute of Electrical and Electronics Engineers (IEEE), 3GPP (The 3rd Generation Partnership Project), etc. Standards that are specifically designed for the Indian market, without global acceptance, will discourage manufacturers to invest in making equipment only for India. Testing is a vital aspect of standards and it is important to ensure that the telecommunication infrastructure is free of any potential loopholes that can lead to cybersecurity incidents. The current testing and ratings practices are spread among multiple standards bodies in India. There is a need for rationalization of both standards making and testing with respect to telecommunications equipment.

  11. Clause 24(1)(a) of the draft Bill allows the Government of India to take over possession of telecommunications infrastructure in cases of public emergency. With the broad definition of telecommunications infrastructure and lack of a clear definition of national security, public safety and public emergency, the seizures and possession of this infrastructure will open up unreasonable interference of the state in the operations of OTT companies. This will take away the business-friendly environment for IT companies, with a potential government agent at their doorstep all the time.

  12. The definition of public emergency and national security is not defined in the Bill. Existing Telecom Suspension Rules 2017 have been widely used by various states to shut down the internet for non-emergency use scenarios, leading to severe economic loss to the industry and also the general public.

  13. Clause 24(2)(a) requires interception or detaining of messages related to a particular subject in case of a public emergency. This requires scanning of all messages over telecommunications networks for keywords related to a particular subject, and is impossible to implement in end-to-end encrypted systems. Clause 24(3) also requires the very same messages to be allowed when an individual is a registered press correspondent. This will require telecommunications service providers to gather employment information of all registered press correspondents in India, leading to the potential rise of interception requests on these very individuals. These clauses directly violate every individual’s fundamental rights to information and privacy.

  14. The draft Bill does not address the need for surveillance reforms as required by the Puttaswamy Vs Union of India judgement. With no Data Protection Act being in place, the Telecommunications Bill’s provisions on interception and identification of every message are a blatant violation of an individual’s fundamental right to privacy. The Bill needs to meet the proportionality test as described in Puttaswamy Vs Union of India2.

  15. The creation of a Telecommunications fund is welcome. It will further help in promoting research and development of newer technologies. While the aim of the fund is clear, we request that the fund also be used for educational activities of telecommunication-related technologies. Ham Radio and Community Radio communities in India do an excellent job of teaching radio techniques. We request the government to improve educational activities through these communities, and improve technical education. Promoting interest in radio and creating skilled radio technical experts is the need of the hour for further research and development in the space.

  16. Clause 48 of the draft Bill prescribes liability to employees in case any offences are committed. This is an excessive measure being proposed to punish employees if the company challenges any directions issued under the Bill. Clause 48 needs to be reconsidered. Employees acting at the behest of the board and its decisions should not be punished for merely performing their job.

  17. Clause 50 of the draft Bill recommends the power of search for authorized government officials to search any location containing telecommunications equipment. This power of search requires safeguards to not be abused. The draft Bill should further incorporate these safeguards to seek recourse for any form of misuse of this power.

  1. Under Anuradha Bhasin vs Union of India, the Supreme Court ruled that an indefinite suspension of internet services is illegal under the Indian law and that orders for internet shutdown must satisfy the tests of necessity and proportionality. See https://globalfreedomofexpression.columbia.edu/cases/bhasin-v-union-of-india/ for summary and background.
    Also see https://indiankanoon.org/doc/82461587/ for the text of the case and judgment. ↩︎

  2. The Puttaswamy vs Union of India is the cornerstone of the ‘Right to Privacy’ jurisprudence in India. The nine Judge Bench unanimously reaffirmed the right to privacy as a fundamental right under the Constitution of India. See https://privacylibrary.ccgnlud.org/case/justice-ks-puttaswamy-ors-vs-union-of-india-ors for an analysis of the case.
    Also see https://indiankanoon.org/doc/127517806/ for the text of the case and judgment. ↩︎


{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more