Over the past few years, there has been a substantial increase in parliamentary activity focused on technology related issues, especially in terms of parliamentary questions raised by Members of Parliament ("MPs") in different sessions of Parliament of India. This was also true for the recently concluded budget session held in two phases from 31 January 2020 to 23 March 2020.1

This blogpost analyzes the questions raised on various technology related issues in the Budget Session 2020 on the following topics:

  1. Online content regulation
  2. Data protection
  3. Emerging technologies
  4. E-commerce
  5. Cyber security
  6. Aadhaar
  7. Digital payments
  8. Miscellaneous

A database of questions raised in the Budget Session 2020 from these categories can be accessed here .

A. Common concerns raised by MPs:

The table below depicts the number of questions raised by different MPs in both the Lok Sabha and the Rajya Sabha for each of the categories created in the database:

Category of question Number of questions raised
Online content regulation 18
Digital payments 4
Aadhar 6
Data protection 5
Cyber security 12
E-commerce 3
Emerging technologies 7
Miscellaneous 7

958696a.jpg

Some important insights can be derived from this data:

  1. Maximum questions were raised by MPs on the issue of regulating online content, which included questions on regulation of social media platforms and over-the-top ("OTT") video streaming platforms.
  2. The topic with the second-most number of questions was cyber security, which included questions on steps taken by the government to tackle the increasing number of cybercrimes. Other important issues on which questions were raised include emerging technologies, data protection and Aadhaar.
  3. These 62 questions form 0.69% of the total 8,925 questions (including both starred and unstarred questions) asked in Parliament in the Budget Session 2020.2
  4. Among these 62 questions, MPs from the Bharatiya Janta Party ("BJP") raised the most number of question, followed by the Indian National Congress ("INC"). However, this is merely a result of the strength of these respective parties in Parliament, with BJP having the maximum seats followed by INC.

B. Key takeaways from the parliamentary questions:

1. Online content regulation:

  1. Status of amendments to Intermediaries Guidelines: Many questions were raised about the status of the proposed amendments to the Information Technology (Intermediary Guidelines) Rules, 2011 ("Intermediary Guidelines"). The MeitY clarified that the government is in the process of finalising these amendments. Importantly, the government had released the draft amendments to the Intermediary Guidelines in December 2018. It had also submitted an affidavit in the Supreme Court that it will notify these amendments by 15 January 2020.3 However, the amendments are yet to be notified, though news reports suggest that they may be notified soon.4
  2. Fake news and misinformation: Out of the 18 questions related to online content regulation, most pertained to steps taken by the government to regulate social media platforms for curbing fake news and misinformation, use of social media platforms in election campaigns and to remove unlawful content. There were also questions about a possible regulatory framework for over-the-top ("OTT") video streaming platforms.
    In its response to all such questions, the MeitY noted that the provisions of Information Technology Act, 2000 ("IT Act") and Intermediary Guidelines are used to ensure removal of objectionable online content on social media platforms. The MeitY also highlighted various measures adopted by the government to address these challenges including:
    1. A Counter Misinformation Unit under the Press Information Bureau ("PIB") set up by the Ministry of Information and Broadcasting ("MIB") to counter fake news on policies, schemes, programs etc. notified by Government of India.5
    2. Launch of the Information Security Education and Awareness ("ISEA") programme to educate users about ethics of using internet and advising them not to share rumours.6
    3. MHA's 'Cyber Dost' handle on Twitter is used to spread awareness on cyber safety and cyber security.7
    4. MeitY also mentioned that it had blocked 1,385, 2,799 and 3,635 websites in 2017, 2018 and 2019 respectively.
  3. Regulation of OTT video streaming platforms:
    1. MPs raised questions about whether the government was planning to regulate OTT video streaming platforms such as Netflix and Hotstar. They asked if the government had held any consultations with these platforms, and if it planned to introduce a self-regulatory mechanism for them.
    2. Interestingly, both the MeitY and MIB responded to these questions, though the MIB is the relevant ministry handling the issue of regulation of OTT video streaming platforms.8 In its response, the MeitY said that online video streaming platforms providing curated content need to comply with applicable content related domestic laws. In case of third party content, they are also subject to the IT Act and Intermediary Guidelines. However, the MeitY clarified that there is no proposal with the ministry to regulate such online streaming service providers, nor has it undertaken any consultations with these platforms.
    3. While the MIB echoed MeitY's response in terms of invoking domestic laws and provisions of the IT Act to deal with online content, it mentioned that it has held consultations with three platforms. It also stated that such service providers are in the process of preparing a self-regulatory code for regulating online content on their platform.

2. Data protection:

  1. On data imperialism and data sovereignty: Interestingly, two MPs raised questions about the government's stance on data imperialism and data sovereignty, with one of them asking if 'India has made it clear that any attempt of data imperialism would not be accepted'. MeitY's response to these questions is vague and ambiguous, merely stating that the Justice Srikrishna Committee has dealt with all aspects of cross-border transfer of data in its report. The MeitY did not refer to instances of data sovereignty in government policies such as the draft national e-commerce policy,9 provisions on data localization (clauses 33 and 34) and access to non-personal data (clause 91) in the Personal Data Protection Bill, 2019 ("PDP Bill") and the Reserve Bank of India's circular on local storage of payments related data.10
  2. On personal data breaches: An MP raised a question seeking state-wise and UT-wise number of complaints received by the government for personal data breaches over the last three years. The MeitY responded to this question by merely stating that it has not received any specific complaint pertaining to personal data breaches. This shows that the government does not maintain any database recording instances of personal data breaches even at the government level, despite the IT Act having specific provisions on data breaches.11

3. Emerging technologies:

  1. Steps taken to promote emerging technologies: MPs raised questions about the steps taken by the government to promote AI, including any policy formed to regulate AI. Some of the steps highlighted by MeitY in its response include:
    1. Launching a National Mission on Interdisciplinary Cyber Physical Systems ("NM-ICPS") at a total cost of INR 3,660 crore for a period of 5 years. NM-ICPS plans to establish technology innovation hubs in emerging technologies such as AI, Internet of Things ("IoT"), 3D printing and quantum computing;
    2. Launching the Technology Incubation and Development of Entrepreneurs scheme. It will provide financial and technical support to incubators engaged in supporting ICT start-ups using emerging technologies such as AI, IoT, block-chain and robotics in areas of social relevance;
    3. Establishing Centres of Excellence ("CoE") to promote start-ups in the domains of emerging technologies;
    4. MeitY through National Informatics Centre ("NIC") & National Informatics Centre Services Incorporated ("NICSI") created Centre of Excellence for Data Analytics ("CEDA") to support government departments to unlock the hidden potential of the data that they are generating as a part of the governance processes, and use it to improve the overall governance.
  2. On strategy for AI: In its response to a question on a policy for regulation of AI, the MeitY has discussed the National AI Strategy proposed by NITI Aayog in June 2018.12 MeitY's response seems to give the impression that it will follow the framework suggested in NITI Aayog's National AI Strategy. However, MeitY's response is silent on the issue of the ongoing 'turf war' between NITI Aayog and MeitY over framing of policies for AI regulation. The government formed a separate committee for addressing this issue in October 2019. This committee is headed by K. Vijay Raghavan, who is the principal scientific advisor to the Indian government. It also includes the Secretary, Department of Science and Technology; CEO of NITI Aayog, and Secretary, NITI Aayog. 13

4. E-commerce:

In response to questions about the various aspects of the national e-commerce policy, the Ministry of Commerce and Industry gave the following response:

  1. The government is currently in the process of framing a national e-commerce policy. A series of meetings have been held at the level of Secretary, Department for Promotion of Industry and Internal Trade ("DPIIT") with different stakeholders, including major e-commerce companies, start-ups, industry associations, data centre providers and logistics companies to discuss the relevant issues and the provisions contained in the draft national e-commerce policy.
  2. For data protection related issues, the relevant legislation will be the PDP Bill introduced in Parliament in December 2019. However, the MCI did not expressly state that the national e-commerce policy will defer to the PDP Bill for any data protection related issues, though this can be implied from its response.14

5. Cyber security:

  1. On steps taken to tackle cyber crime: As per statistics provided in response to a question by the MeitY, the number of cyber crime cases in India have more than doubled from 12,317 cases in 2016 to 27,248 cases in 2018. The MeitY also mentioned that attacks on Indian websites originated from various countries such as Algeria, China, France, Pakistan, Russia, Taiwan and Netherlands. Some of the steps taken by the government to tackle cyber crime include:
    1. Establishing the National Cyber Crime Reporting Portal to enable citizens to report complaints pertaining to all types of cybercrimes. 33,152 cybercrime incidents have been reported till 30.01.2020 on the portal, wherein 790 FIRs have been registered by the concerned Law Enforcement Agencies ("LEAs").
    2. The MHA has set up Indian Cyber Crime Coordination Centre in New Delhi to provide a framework and ecosystem for LEAs to deal with cybercrimes in coordinated and comprehensive manner.
    3. Government has formulated Crisis Management Plan for countering cyberattacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
    4. Government has set up National Cyber Coordination Centre ("NCCC") to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities. Phase-I of NCCC has been made operational.
  2. On specific cyber crime/cyber security issues:
    1. On the Pegasus-WhatsApp issue: The MeitY denied having any information about the purchase of the controversial Pegasus software by any government agency/department.15 In response to a question on how Pegasus may have been used to conduct surveillance on journalists and human rights activists, the MeitY dismissed it as an attempt to malign the government. However, the MeitY stated that it has sought information from WhatsApp on the need to conduct an audit of its security systems and processes.
    2. On the 'Strand Hogg' issue: An MP had raised certain questions about a bug in the Android operating system called 'Strand Hogg', and the steps taken by the government to counter it. Among other measures, the MeitY stated that the CERT-In had issued a vulnerability note on this issue on 09 December 2019 and alerted users about precautionary measures that should be taken.16

6. Other important questions:

  1. On Aadhaar: Many MPs have raised questions about instances of breach of the Aadhaar database and the steps taken by the government to prevent such breaches. However, in an unusual (though expected) response, the MeitY has stated that there have been no instances of data breach from the Aadhaar database, referring to the Central Identities Data Repository. However, there have been many news reports of instances of Aadhaar data breach.17
  2. On use of facial recognition technology: In response to a question about the privacy implications of the Automated Facial Recognition System implemented by the National Crime Records Bureau, the MHA simply stated in its response that the AFRS does not violate privacy. There was no acknowledgement of the literature discussing the privacy implications of using facial recognition technologies for law enforcement purposes.18
  3. On deep fake technology: In response to a question on legal remedies for victims of deep fake technology, MeitY stated that the IT Act already contains provisions dealing with identity theft and cheating by personation.

C. Conclusion:

It is good to see that MPs from different political parties have raised questions on almost all contemporary technology issues, from the Pegasus-WhatsApp issue to deep fake technology to use of facial recognition technology. However, as has been noted above in several instances, the government tends to adopt political tact to avoid addressing 'uncomfortable' questions, even giving incorrect responses to several questions.

Parliamentary questions are an important source of official information on various issues. It is also an important tool to hold the government accountable for its actions. The government should ensure transparency in its responses to parliamentary questions, especially on issues for which there is publicly available information.

Footnotes

1. Budget session to begin 31 January, will be held in two phases, The Print, 15 January 2020, https://theprint.in/india/governance/budget-session-to-begin-31-january-will-be-held-in-two-phases/350095/

2. There were a total of 5,250 questions (420 starred and 4,830 unstarred questions) raised in the Lok Sabha in the Budget Session 2020; http://loksabhadocs.nic.in/questionslist/MyFolder/23032020.pdf. In the Rajya Sabha, 3,675 questions (315 starred and 3,360 unstarred questions) were raised; for starred questions- https://rajyasabha.nic.in/rsnew/EDAILYQUESTIONS/sessionno/251/ES%2023.pdf; for unstarred questions- https://rajyasabha.nic.in/rsnew/EDAILYQUESTIONS/sessionno/251/EU%2023.pdf.

3. Intermediary Guidelines to be notified by Jan 15, 2020, MeitY tells Supreme Court, Medianama, 21 October 2019, https://www.medianama.com/2019/10/223-intermediary-guidelines-to-be-notified-by-jan-15-2020-meity-tells-supreme-court/.

4. Govt set to notify new social media norms, The Economic Times, 9 April 2020, https://tech.economictimes.indiatimes.com/news/internet/govt-set-to-notify-new-social-media-norms/75055489.

5. Press Information Bureau sets up fact-checking unit to combat fake news related to govt, The Print, 29 November 2020, https://theprint.in/india/press-information-bureau-sets-up-fact-checking-unit-to-combat-fake-news-related-to-govt/328248/

6. Information Security Education Awareness, https://www.infosecawareness.in/

7. MHA Cyber Dost, https://twitter.com/CyberDost?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor

8. MIB to issue list of prohibited content to OTT platforms: Report, Medianama, 21 October 2019, https://www.medianama.com/2019/10/223-ott-content-regulation-mib/

9. The draft national e-commerce policy proposed strict data localization requirements, sharing of 'community data' with start-ups for 'larger public interest', and mandatory disclosure of source code or algorithm by companies to the government, when required. This policy also treated data as a 'national asset' or 'societal commons', which the government held 'in trust' for the citizens; https://dipp.gov.in/sites/default/files/DraftNational_e-commerce_Policy_23February2019.pdf.

10. Storage of payment system data, Reserve Bank of India, 06 April 2018, https://rbidocs.rbi.org.in/rdocs/notification/PDFs/153PAYMENTEC233862ECC4424893C558DB75B3E2BC.PDF.

11. Sections 43(A) and 72 of the IT Act.

12. National Strategy for Artificial Intelligence, Niti Aayog , June 2018, https://niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf.

13. Govt sets up panel to resolve MeitY and Niti fight over AI, The Economic times, 23 October 2019, https://tech.economictimes.indiatimes.com/news/corporate/govt-sets-up-panel-to-resolve-meity-and-niti-fight-over-ai/71712323.

14. Data storage rules out of e-commerce policy, Live Mint, 26 June 2019, https://www.livemint.com/politics/policy/data-storage-rules-out-of-e-commerce-policy-1561488393145.html.

15. Govt Knew NSO, Other Spyware Firms Operated in India: Ex-Home Secy, Bloomberg Quint, 02 November 2019, https://www.bloombergquint.com/quint/whatsapp-pegasus-nso-spyware-former-home-secretary-gk-pillai

16. StrandHogg vulnerability in Google Android, CERT-IN Advisory CIAD-2019-0037, 09 December 2019, https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2019-0037

17. Aadhaar data leak: Details of 7.82 cr Indians from AP and Telangana found on IT Grids' database, First Post, April 15 2019, https://www.firstpost.com/india/aadhaar-data-leak-details-of-7-82-cr-indians-from-ap-and-telangana-found-on-it-grids-database-6448961.html

18. If you thought facial recognition is a privacy nightmare, it is only going to get worse in India, News18, 29 January 2020, https://www.news18.com/news/tech/if-you-thought-facial-recognition-is-a-privacy-nightmare-it-is-only-going-to-get-worse-in-india-2476421.html

Originally published 25 April, 2020

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.