Home » , , , , ,

How India’s ridiculous draft mapping data law will impact you (and your business)


Share on Facebook0Tweet about this on TwitterShare on LinkedIn14Email this to someone
bingmaps

In what is a regressive and a remarkably myopic instance of policy making – and right up there in the Daft Government Policy Hall of Fame* along with the Draft Encryption Policy and the Insurance Web Aggregator policy – the Ministry of Home Affairs has released a draft “The Geospatial Information Regulation Bill, 2016” which will make addition of map related information or creation of even maps and sharing of location and map related data illegal without a license.

The bill (download), thankfully still in a draft stage, bans the acquisition of map-related (geospatial) imagery or data without a license or security clearance. Geospatial information refers to information referenced to a co-ordinate system, including:

  • “graphical or digital data” depicting “natural or man-made physical features, phenomenon or boundaries of the earth” or any information related to that including “surveys, charts, maps, terrestrial photos.”
  • “either imagery or data acquired through aerial or space platforms” (satellites, aircrafts, drones etc)

Who will this impact?

Since the information has to be vetted by a security agency, it appears that no realtime map information shall be allowed.

Apart from the usual suspects: Google Maps, OpenStreetMap and, well, Bing Maps, who else does this policy impact? Some examples:

  • Ola and Uber, which plot on a map the location of a taxi cab (man-made physical feature/phenomenon) for a customer and a customer (natural phenomenon) for a taxi cab driver.
  • Ecommerce delivery service providers who plot packages (man-made physical feature) on a map.
  • Whatsapp, which allows you (natural phenomenon) to send your location to your friend.
  • AirBnB and Oyo rooms, which map out properties (Man made physical features) for you to stay in, along with their coordinates and collect (via surveying), photographs of the properties and the surrounding area.
  • Real estate sites like Housing, MagicBricks and 99Acres. Magic Bricks has videos, photos and maps, 99Acres has maps and photos. Some of these sites, we noticed with Housing, even list neighborhood information such as groceries, pharmacies, banks, hospitals etc., all surveyed information.
  • Applications such as Open Signal, which plot cell towers (man-made physical phenomenon) and nearest WiFi hotspots and provide details on 3G and 4G coverage (natural or man-made phenomenon?).
  • Susuvidha, a toilet finder. Toilets are man-made physical features.
  • Zomato helps you find restaurants (man-made physical features), which survey information related to man-made physical features.
  • Twitter and Facebook, where you sometimes give your location along-with content. You’re a, well, natural phenomenon.
  • Most digital photographs contain location meta-data, and by sharing your photos online, you’re adding to a repository of data related to man made phenomenon.
  • Services like TripAdvisor, which have mapped guides and locations mapped.
  • If you’re a journalist, say, writing on a site like Peepli, which has interactive maps with data relevant to news stories. For example, way down this page.
  • If you’re someone taking videos and photos using drones.

It’s important to note that this while initially the bill appears to be focused on the acquisition of data, not necessarily the addition of data, later in the bill it says that

Advertisement

” Any person who wants to acquire, disseminate, publish or distribute any geospatial information of India, may make an application alongwith requisite fees to the Security Vetting Authority for security vetting of such geospatial information and licence thereof to acquire, disseminate, publish or distribute such Geospatial Information in any electronic or physical form.”

This means anyone contributing or publishing such data will also need a license. This will impact not just platforms that allow crowdsourcing (OpenStreetMap and Google Map Maker), but also those giving them that data.

 

So what does this act say?

  1. Who will need permission? an individual, a company, a firm, a trust, an association of persons or a body of individuals, whether incorporated or not, every artificial juridical person (Editor: crawler?).  “Any person who wants to acquire, disseminate, publish or distribute any geospatial information of India, may make an application alongwith requisite fees to the Security Vetting Authority for security vetting of such geospatial information and licence thereof to acquire, disseminate, publish or distribute such Geospatial Information in any electronic or physical form.”
  2. If you already have data (“geospatial imagery or data of any part of India”): within a year of this Act coming into effect, you’ll have to apply for a license, pay a fee, and seek permission from “Security Vetting Authority for retaining such geospatial information”.
  3. What is the Security Vetting Agency? A body created by the Central Government “to carry out security vetting of the Geospatial Information of India…”. It shall “consist of an officer of the rank of Joint Secretary to the Government of India or above as Chairman and two members, one, a technical expert and the other, a national security expert.” It may “delegate to any constituent member of the Security Vetting Authority or any other subordinate committee”…”its powers and functions under this Act”…”except the power to determine whether a licence”…” is to be granted or not.”
  4. What will the Security Vetting Agency check for? 
    1. “sensitivity checks with respect to the technical & information contents and the target area in consonance with the provisions of the prevailing National Policies”
    2. “Screening of the credentials of the end-users and end-use applications, with the sole objective of protecting national security, sovereignty, safety and integrity”
  5. Obligations of a licensee:
    1. No collection, publishing, dissemination or distribution any geospatial information of India through any media or by any means, unless such geospatial information are security-vetted by the Security Vetting Authority.
    2. The licensee shall display the insignia of the clearance of the Security Vetting Authority on the security-vetted geospatial information by appropriate means such as water-marking or licence as relevant, while disseminating or distributing of such geospatial information.
  6. Penalties: 
    1. For illegal acquisition of information: A fine ranging from Rupees one crore to Rupees one hundred crore and/orimprisonment for a period upto seven years.
    2. For illegal dissemination, publication or distribution of information: a fine ranging from Rupees ten lac to Rupees one hundred crore and/or imprisonment for a period upto seven years.
    3. For use of geospatial information of India outside India: Whoever uses any geospatial information of India in contravention unless as per an international convention, treaty or agreement of which India is signatory or as provided in this Act, rules or regulations made later, shall be punished with a fine ranging from Rupees one crore to Rupees one hundred crore and/or imprisonment for a period upto seven years.
    4. Wrong depiction of map of India: a fine ranging from Rupees ten lac to Rupees one hundred crore and/or imprisonment for a period upto seven years.

 

 

Final comments:

  • This looks like a policy made for policing Google maps that has ended up throwing out the baby with the bathwater.
  • The people involved in drafting this have absolutely no clue about how users and businesses use geospatial data to make users lives easier, and how integral it is to every day life. Data is changing and increasing every single minute, and it is impossible to police it.
  • Collection and dissemination of realtime data and its utility is what makes location information useful and special. This kills realtime information.
  • It looks at location information from the myopic viewpoint of businesses and platforms, and ignores crowdsourced information, and indeed, independent crowdsourced maps.
  • A separate policy regarding just security establishments and their removal from mapping information, as well as the depiction of national boundaries of India was all that is needed.
  • It’s hypocritical of a government that promised “maximum governance, miminum government” to try and enforce a License-raj.

The Indian government would do well to junk this poorly thought out bill.

*Disclaimer: This is our reading of the bill, and as a company, you should contact your lawyer for verification

Updated: Fixed some typos

Share on Facebook0Tweet about this on TwitterShare on LinkedIn14Email this to someone
  • abcxyz1234

    Given by the past record of the government (NDA and UPA), it is clear that this is a “control freak” government. Examples: the draconian IT Act itself, arm twisting of Blackberry for encryption keys, support for Section 66A, Encryption Policy, attempts to control porn on internet, TRAI’s (previous chairman) almost undermining of net neutrality in favour of the operators, refusal to recognise privacy as a right, and now this.

    These cannot just be isolated accidents. There is more to them than meets the eye. There is a design to all this. There is a resident powerful indomitable urge to control the citizens in the government machinery.

    Fortunately, most of these attempts have been defeated one way or the other. It seems that if the courts didn’t protect us and uphold freedom, by now we would have become slaves of politicians and babus and our status wouldn’t be different from the citizens in North Korea.

    MediaNama and SaveTheInternet has responded to such attempts on a case by case basis. But all these attempts have to be defeated once and for all. Need to push for a law or constitutional amendment or a decree from the Supreme Court or something that will decisively tell the government once and for all they do not have the right to stamp on the liberty of citizens and businesses.

  • sketharaman

    Not surprised if this policy is “…made for policing Google maps that has ended up throwing out the baby with the bathwater.” Not the first time this has happened in India. Won’t be the last time this happens in India.

    Throwing the baby out with the bathwater is quintessentially Indian culture. I see examples of this day in day out in the corporate and regulatory worlds of India:

    (1) One call center rep answers a caller’s question about his native place. This flouts company policy against sharing personal information with callers. He is not personally reprimanded. Instead an announcement goes out in the P.A system to all the 500 CSRs in the floor reiterating company policy.

    (2) 2% of online credit card transactions are fraudulent. Instead of investing in technologies to ferret out those 2%, we have two factor authentication. It introduces a lot of friction in the online payment journey and results in a lot of failed payments for 100% of the people paying online. So much so that people – including me – stop paying by credit card and go back to COD.

    I won’t blame just the government for this.