Naavi.org

When GDPR was introduced EU created so much fuss that it appeared that EU was making a law for the world. The extra-territorial jurisdiction was hyped up so much that Indian companies went into a shock from which they are yet to fully come out.

Subsequently the world was getting used to the GDPR when the Schrems Judgement and the following EDPB guidelines again caused a big stir on Cross border transfer of personal data.

The US Government under Mr Biden caved into the EU pressure and signed on the dotted line in the EU-US privacy agreement.

Now emboldened by the success of GDPR, EU seems to take yet another giant step in global Techno legislation through the Artificial Intelligence Act.

Copy of the Act is available here

The release of the draft Act has come when India is yet to finalize its version of the Data Protection Act and naturally there is a thought about whether any of the provisions of this Act could be included in the Indian proposed data protection Act.

The Tech giants raised a hue and cry when PDPB 2019 asked for Algorithmic bias audit. Probably they will go through this new law with care to see if it affects their business adversely.

The proposed regulatory framework on Artificial Intelligence with the following specific objectives:

-ensure that AI systems placed on the Union market and used are safe and respect existing law on fundamental rights and Union values;

– ensure legal certainty to facilitate investment and innovation in AI;

-enhance governance and effective enforcement of existing law on fundamental rights and safety requirements applicable to AI systems;

– facilitate the development of a single market for lawful, safe and trustworthy AI applications and prevent market fragmentation.

It may take a while for us to study the Act and comment but initial indications are clear that the law could be causing some discomfort to the Industry as well as the Government. Will it remain a small temporary disturbance or a major upheaval?…only time will tell.

The IDPS 2022 is likely to start a discussion on the Act on 11th November in one of the panel discussions.

Let’s look forward to the discussions…

Naavi

IDPS 2022 will be one of the richest Data Protection seminars/webinars to be held in India. Over 18 hours of content are planned to be delivered by experts between 2.00 pm to 8.00 pm on each of the three days, November 11, 12 and 13.

The webinar would be available on the virtual platform of ibentos..com.

Attendance is free but with pre-registration at fdppi.ibentos.com

Additionally more exclusive pre-recorded content would be available in the resource center. Some examples of content that would be available in the resource center are given below.

Bookmark this page and block your calendars. You cannot afford to miss this opportunity.

If you are an employed professional, ,it is time to inform your HR department and your boss that you need to take time off to attend to this webinar. The second and third days are weekends and you need to free yourself only from the afternoon of Friday.

Inform your colleagues also to attend and spread the word through your social media contacts. FDPPI is a not for profit organization and the seminar is offered free. All of you are our co-sponsors of the event and we request you to market the event to your contacts.

Naavi

Yesterday there was an important TV interview of Mr Rajeev Chandrashekar with Mr Arnab Goswami where the minister provided a great insight into the new Intermediary Guidelines  which come as an amendment to the February 25 2021 guidelines. The original version of this was the 11th April 2011 notification under Section 79, a part of which got endorsed by the Shreya Singhal judgement and part of which was clarified by the Visaka industries  judgement .

During the course of the interview several important aspects were discussed by Mr Rajeev Chandrashekar some of which are discussed here.

As regards the formation of the Grievance Appellate Committee (GAC), the minister stated that they delayed the notification by 3 months waiting for the industry to come up with a self regulation which they failed to do. According to the 25th February notification, a suggestion was made that industries could set up Level II dispute resolution mechanisms by creating a dispute resolution body at different industry levels.

Naavi.org had proposed setting up of a digital media compliance guidance center  along with the ODR service from www.odrglobal.in.

Additionally Naavi had suggested an important Self Regulatory method for the industry on the lines of the Domain Name dispute resolution policy such as IDRP/INDRP. This needs mention in the light of the observation made by the minister in the above interview.

We had proposed that the industry should develop an “Intermediary Dispute Resolution Policy” which incorporates the suggested regulatory methods and a voluntary contractual obligation to meet the requirements and settle disputes at the Level II dispute resolution mechanism managed by the industry itself.

Unfortunately the industry was in a combative mode and went to Court to obtain stay on the guidelines and several High Courts readily obliged staying the guideline in part. Had the industry responded positively  the Grievance Redressal Committee would not have been a critical necessity.

Even now the industry should look at the suggestions made for the “Intermediary Dispute Resolution Policy”. 

Second interesting aspect that came up during the interview was related to the “Naavi’s Theory of Data” in which we have discussed the hypothesis which we have named as “Additive Value Hypothesis”

The Additive value hypothesis was one of the three hypotheses which Naavi proposed under this theory, the other two being “Data Definition hypothesis”  and ” Reversible Life Cycle hypothesis“

This theory was presented in the context of the Personal Data Protection Act and the additive value hypothesis recognized that when data changes its avatar from the raw data status to different levels of personal data including pseudonymized state or anonymized state, its value changes. The value may increase in some processes as the depth of the personal data increases and reduces when the data elements are pruned.

When Diamond is cut, we may chip off part of the stone but depending on the angle of the cut the value of the diamond increases. Similarly in some forms of pruning of information, information may shrink but its value may increase.

The theory suggested that the entity responsible for the transformation of data from one status to the other should be credited with the value addition and made the owner for that part of the data. This is the same principle which is followed in the IPR law where value keeps adding and each subsequent creator of value may claim ownership subject to the licensing contract.

In the Arnab Goswami interview, a point was brought by Arnab that “News is created by agencies” and its value is unfairly reaped by the Google kind of information aggregators. He was making a case for the News industry to get a part of the value realization.

This concept that “Raw News” is created by a news agency which is aggregated and modified to create further value by the Intermediaries like YouTube etc goes well with the Naavi’s theory of data. The “News” as data is a matter of “Non Personal Data Value Realization” and hopefully the Government will try to find a mechanism for recognition of data value and a data value exchange mechanism.

This is part of the continuing discussion on Data Monetization and Data Valuation that Naavi/FDPPI are engaged in.

Reference:

Changes to Intermediary Guidelines

Guidelines challenged in Delhi High Court

Delhi High Court judgement of 20th April 2021 (WP 1082/2020)

The Chilling Effect

The Intermediary guidelines and Digital media  ethics  rules of 25th  February 2021  had attracted a  lot of criticism from the industry and has even been questioned in a Court.

A case is also going on in Karnataka High Court where Twitter is trying to fight some of these intermediary guidelines  (refer here)

Now the Government has come up with an amendment of the rules of 25/02/2021 through an amendment notification dated 28th October 2022.

The essential part of the  amendment is captured  below.

1.  Constitution of the Grievance Appellate  Committee

The new  notification states as under:

In the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (hereafter referred to as the said rules), in rule 2, in sub-rule (1), after clause (k), the following clause shall be inserted, namely:—

(ka) Grievance Appellate Committee‟ means a grievance appellate committee constituted under rule 3A;.

4. After rule 3 of the said rules, the following rule shall be inserted, namely:—

3A. Appeal to Grievance Appellate Committee(s).—(1) The Central Government shall, by notification, establish one or more Grievance Appellate Committees within three months from the date  of commencement of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2022.
(2) Each Grievance Appellate Committee shall consist of a chairperson and two whole time members appointed by the Central Government, of which one shall be a member ex-officio and two shall be independent members.
(3) Any person aggrieved by a decision of the Grievance Officer may prefer an appeal to the Grievance Appellate Committee within a period of thirty days from the date of receipt of communication from the Grievance Officer.
(4) The Grievance Appellate Committee shall deal with such appeal expeditiously and shall make an endeavour to resolve the appeal finally within thirty calendar days from the date of receipt of the appeal.
(5) While dealing with the appeal if the Grievance Appellate Committee feels necessary, it may seek assistance from any person having requisite qualification, experience and expertise in the subject matter.
(6) The Grievance Appellate Committee shall adopt an online dispute resolution mechanism wherein the entire appeal process, from filing of appeal to the decision thereof, shall be conducted through digital mode.
(7) Every order passed by the Grievance Appellate Committee shall be complied with by the intermediary concerned and a report to that effect shall be uploaded on its website.

Presently any grievance arising out of ITA 2000 goes to the Adjudicating officer  appointed under Section 46 of ITA 2000 and the appellate Tribunal appointed  under Section 48.

Now a new “Grievance Appellate Committee” will be established for addressing the disputes arising out of the rules under the 25/02/2021 notification. The powers of  this committee  is  restricted  to  this limited extent.

The committee will consist of a  Chairperson and one member both  of whom  will be non Government persons. One would be an official. Probably the Chairperson could be judicial person like the Press Council so that the decisions of the Committee will have sufficient weight.

The  committee is expected to  resolve the appeal within 30 days from the  receipt of the communication from the Grievance Officer who is expected to complete his resolution process within 15 days of  receiving the complaint from the member of the public.

The Grievance Committee may if required take assistance of suitable experts.

Another  point to be noted is that the rule states that the “Grievance Appellate Committee” shall adopt  ODR where in the entire appeal process shall be  conducted online.

Naavi.org has been advocating ODR since around 2005 when the website www.arbitration.in was put up as a platform which could be used. This was later called ODR  Global (www.odrglobal.in). Some proposals were also  discussed  with the Technical committee of the Supreme Court. All these efforts were in the era when online court proceedings were unacceptable to the judiciary and hence did not progress. Now FDPPI has a “Data Disputes Mediation and  Arbitration Center” (DDMAP) ready to provide a platform for such online dispute  resolution.

It is good to note that ODR would be  a mandatory process for this  Grievance Committee,

We may note that the rules donot mention any further remedy beyond the appeal committee. However this will be tested in a Court at some point of time later.

As regards the procedures to be followed

Further, some changes have also been made to  the functioning of the platform as per the following revised provisions.

3. In rule 3 of the said rules,—
(a) in sub-rule (1),—

(i) for clauses (a) and (b), the following clauses shall be substituted, namely:—

“(a) the intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the rules and regulations, privacy policy and user agreement in English or any language specified in the Eighth Schedule to the Constitution for access or usage of its computer resource by any person in the language of his choice and ensure compliance of the same;
(b) the intermediary shall inform its rules and regulations, privacy policy and user
agreement to the user in English or any language specified in the Eighth Schedule
to the Constitution in the language of his choice and shall make reasonable efforts
to cause the user of its computer resource not to host, display, upload, modify,
publish, transmit, store, update or share any information that,—
(i) belongs to another person and to which the user does not have any right;
(ii) is obscene, pornographic, paedophilic, invasive of another‟s privacy including bodily privacy, insulting or harassing on the basis of gender, racially or ethnically objectionable, relating or encouraging moneylaundering or gambling, or promoting enmity between different groups on the grounds of religion or caste with the intent to incite violence;
(iii) is harmful to child;
(iv) infringes any patent, trademark, copyright or other proprietary rights;
(v) deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any misinformation or information which is patently false and untrue or misleading in nature;
(vi) impersonates another person;
(vii) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitementto the commission of any cognisable offence, or prevents investigation of any offence, or is insulting other nation;
(viii) contains software virus or any other computer code, file or program designed to interrupt, destroy or limit the functionality of any computer resource;
(ix) violates any law for the time being in force;”;

(ii) for clause (f), the following clause shall be substituted, namely:—

“(f) the intermediary shall periodically, and at least once in a year, inform its users in English or any language specified in the Eighth Schedule to the Constitution in the language of his choice of its rules and regulations, privacy policy or user agreement or any change in the rules and regulations, privacy policy or user agreement, as the case may be;”;

(iii) after clause (l), the following clauses shall be inserted, namely,—

“(m) the intermediary shall take all reasonable measures to ensure accessibility of its services to users along with reasonable expectation of due diligence, privacy and transparency;(n) the intermediary shall respect all the rights accorded to the citizens under the Constitution, including in the articles 14, 19 and 21.”;

(b) in sub-rule (2), in clause (a), for sub-clause (i), the following sub-clause shall be substituted, namely:—

“(i) acknowledge the complaint within twenty-four hours and resolve such complaint within a period of fifteen days from the date of its receipt:
Provided that the complaint in the nature of request for removal of information or communication link relating to clause (b) of sub-rule (1) of rule 3, except sub-clauses (i), (iv) and (ix), shall be acted upon as expeditiously as possible and shall be resolved within seventy-two hours of such reporting;
Provided further that appropriate safeguards may be developed by the intermediary to avoid any misuse by users;”.

As regards “publishing of the privacy policy” and “User agreement”, they should be in English or any language specified in the Eight schedule of the  constitution. It is better to read this as “English and any…” otherwise there will be problems in obtaining the consent. Further  the  intermediary shall make “Reasonable efforts” to cause  the  user  not do what  is prohibited. Under  this “Reasonable” requirement perhaps  we need interpret that the policies should be in English  and one of the other languages.

The rule also suggests reasonable efforts to be taken to ensure “Accessibility” to the impaired individuals.

As regards the time line for addressing the grievances the following has been specified.

a) Complaint shall be acknowledged within 24 hours

b)Complaint shall be resolved within 15 days

c) Complaints regarding removal of content shall be resolved within 72 hours

These rules will come into effect in 3 months if there is no judicial intervention.

We need to wait and see how the industry responds.

Naavi