Control over ‘the message’ on the internet is going to be a key factor in Asia’s growing influence and its two largest markets, China and India, have two very different ways of achieving that. But, in the second of a two-part series, Asia Financial’s Indrajit Basu looks at how democratic India seems just as sensitive to online criticism as its large authoritarian neighbour. New Delhi says it’s protecting the public and cracking down on fake news, the tech giants don’t believe them …
(AF) Like China, data localisation and data protection have become significant policy issues in India primarily due to the perceived economic benefits of processing Indian consumer data, and difficulties in accessing personal data for national security and law enforcement.
But unprecedented restrictions on every form of digital content – from social media to streaming platforms – brought in by executive order in late February and made effective from May 25, is sparking fears India is becoming the most heavily regulated of any major democracy.
It is also making the call for new privacy and data protection laws – like the proposed Personal Data Protection Bill (PDP), 2019 – stronger.
Joining the mainland Asia economic powers, India is trying to tackle data protection and privacy with proposed overarching legislation, but unlike China’s proposed Personal Information Protection Law, India’s PDP is still mired in debates and the government’s reluctance to turn it into law.
Instead, by tweaking its Information Technology Act, India delivered a new missive called the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules 2021), that prescribed a sea change in how internet-based businesses and organisations – which include social media platforms, OTT streaming services, digital news outlets, and films and television onstreaming platforms – will be regulated by the government.
The sweeping rules give the Indian government new powers that will force almost every tech company, including the US tech giants, to comply with government surveillance and censorship demands.
In other words, almost everything that happens online now comes under a mechanism of government regulation, and the government now has powers to remove “objectionable” online content and erase people’s right to privacy on social media and encrypted messaging apps like WhatsApp.
What’s more, the rules also put pressure on US tech companies, including Facebook, Twitter and WhatsApp, to toe the line of, what many digital privacy experts say, an increasingly authoritarian Indian government, or risk losing access to their biggest market in the world.
Some even say that both the Asian neighbours are heading in the same direction of digital authoritarianism.
“India’s new rules raise the disturbing possibility of tightening government control over the information ecosystem and what can be said online. We have seen this direction taken by China, and some of the rules restrict companies’ discretion in moderating their own platforms and create new possibilities for government surveillance of citizens,” Kurt Opsahl, the Deputy Executive Director of Electronic Frontier Foundation, the San Francisco-based non-profit digital rights group told Asia Financial.
“These rules threaten the idea of a free and open internet built on a bedrock of international human rights standards,” he added.
Also terming the rules a stark illustration of a desire of the government to control the online conversation, the country’s internet freedom activists add that the rules change the fundamental Internet experience for any user in India.
They extend the government’s control over areas that violate democracy and encourage censorship, as well.
Expectedly, the move has triggered a huge backlash from the world of tech.
Calling the move an attack on free speech and privacy, WhatsApp sued the Indian government on May 26 – just the day after the stricter IT rules came into force.
“Requiring messaging apps to ‘trace’ chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy,” said a WhatsApp official.
Three days later Twitter accused the India government of “dangerous overreach that is inconsistent with open, democratic principles”, and alleged that it has been forced to “withhold” – block in India – portions of “legitimate free speech” on its platform over fears around the safety of its employees and threats of financial penalties.
Earlier that week, Delhi Police had visited Twitter’s offices in Delhi and neighbouring Gurgaon, to serve notice after the microblogging site tagged some tweets about an allegation by the opposition Congress party over India’s mishandling of Covid’s deadly second wave, which the government wanted to be removed.
Up until now, both WhatsApp and Twitter have refused to comply with the new rules.
Hitting back and warning the company of “unintended consequences” if it did not obey the rules, India’s technology minister slammed Twitter alleging the social media giant has deliberately defied and failed to comply with the country’s new IT rules.
“The issue here is that for these tech giants, few countries are as important as India as a market, but the new rules lack many necessary safeguards that are needed to protect the right to privacy,” Salim Waris, partner with TechLegis Advocates & Solicitors, a law firm specialising in regulatory aspects of Technology, Media, Telecom (TMT) told Asia Financial.
“Significantly, the rules increase state power to surveillance without creating adequate checks and balances and this is a big concern since that could have disastrous consequences for protecting individual’s personal information and privacy,” he added.
Treating India, a country with over 600 million internet users, as a crucial growth engine for the future, these tech giants have invested billions of dollars over the years.
While Amazon has committed as much as $6.5 billion to the country, Google pumped $4.5 billion into India’s biggest telecom company Jio last year, from a newly created $10 billion fund earmarked for investment in India over five to seven years.
‘ABUSE AND MISUSE’
To attract small businesses through WhatsApp, Facebook last year also invested $5.7 billion in Jio.
According to Statista, India in fact is the biggest market for both Facebook and WhatsApp by user numbers, and third for Twitter.
The Indian government, though, argues that the rules are designed to prevent “abuse and misuse” of social media.
The government says that new IT Rules 2021 had become necessary given, “the extensive spread of digitalisation in India over the past decade, the rise of services like Netflix, Amazon Prime, etc, and social media platforms like WhatsApp, Facebook, etc. There was [also] a need to control false information spread via these platforms, and regulate harmful content posted over the internet.”
Instead of seeking control, the government adds, the new rules empower the users of social media by requiring these platforms to put in place a robust public grievance redressal mechanism, and force digital media outlets embrace self-regulation.
“We want them to be more responsible, more accountable,” said IT minister Ravi Shankar Prasad.
The new rules also come at a time when India’s tech platforms are facing threats over content including hate speech, misinformation, and incitement to violence.
Social media, such as Twitter, the government alleges, is being used as an information tool for anti-government actions, such as the huge farmers’ protests that started in India in November.
But the new rules are worrying, says Waris, “because provisions like traceability, decryptions and obligations to allow government access to individual communication go against users’ fundamental rights to privacy laid down by the Indian Constitution and the apex court Supreme Court”.
According to Waris, with 290 million social media users, 340 million messaging application users and around 400 million search engine users, India’s two data regulation rules, the Reasonable Security Practices and Procedures and Sensitive Personal Data (or Information) Rules 2011 and the IT Rules 2021 have proven inadequate in handling the huge volume and the complexity of the data generated in the country.
“That’s because these rules primarily deal with internet intermediaries and blatantly violate rights to privacy, which is why we see the pushbacks and litigations by tech giants,” Waris added.
“India needs proper data protection provision along with an efficient mechanism such as a data protection authority, data protection officer and appellate tribunal, which can only be brought in by quickly adopting the Personal Data Protection Bill 2019,” he said.
Small wonder that think-tanks across the world are banding together calling for an end of ‘digital censorship’.
Two weeks back 14 not-for-profits organisations including Electronics Frontier Foundation, Access Now, Article 19, Human Rights Watch, Internet Sans Frontières and Internet Society revealed an open letter calling upon the government to suspend the implementation of India’s new IT rules.
“Web censorship and user data orders from the Government of India are not issued under judicial or independent administrative process, instead, they come from the unilateral dictates of executive authorities,” the letter said.
On Saturday, in Mandates of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, experts at the United Nations Office of the Human Rights Commissioner, said that India has the potential to develop a legislation that can place it at the forefront of efforts to protect digital rights.
However, the substantially broadened scope of the IT Rules 2021 is likely to do just the opposite.
“We would therefore encourage the government to take all necessary steps to carry out a detailed review of the rules and to consult with all relevant stakeholders, including civil society dealing with human rights, freedom of expression, privacy rights and digital rights”, the report said.